Gregg's Security News Aggregator

Currently, this "blog" is nothing more than a news aggregator which gets security information from over 30 sources. As you'll note, a number of the sources are not specific to security. Advanced filtering is definitely needed.






Sunday, April 25, 2004
 

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  OO.org Selects Its Own Sea Bird
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  New LSASS RPC exploit; Port 443; The Week Ahead

11:34:36 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Justice Dept. Identifies Internet Pirates (AP). AP - An international effort to dismantle major Internet piracy groups has identified more than 100 people in the United States and abroad involved in the theft of more than $50 million in music, movies, games and computer software, U.S. authorities said.
2.  Senate Weighs Web Connection Tax Ban (AP). AP - Sen. John McCain is working to revive a bill banning taxes on Internet connections, a measure that bogged down last year amid worries that state and local governments could lose billions in tax revenue.

10:34:17 PM

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Technology and Show Business Kiss and Make Up. After years of acrimony, there are new signs that Hollywood and Silicon Valley are learning to get along. By Evelyn Nussenbaum.
2.  A Quirky Brilliance vs. the Dreams of Venture Capitalists. Not every company would coyly spurn billions of dollars and front-page attention. Yet Google seems intent on staying private as long as possible. Why? By Saul Hansell.
3.  I.B.M. Joins Stanford to Find Uses for Electron Spin. I.B.M. and Stanford plan to open a joint research program to focus on an esoteric field which is often called spintronics. By Barnaby Feder.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
4.  Bush Calls for Ban on Broadband Taxes (AP). AP - President Bush on Sunday urged Congress to slap a permanent ban on taxes consumers pay for high-speed Internet hookups.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
5.  Morphing Plane Wings for Efficient Flights

9:33:55 PM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  Latte art, part two. Following up on this earlier Boingboing post, an anonymous reader points us to this cool news article about a guy in Australia who one-ups all those sucka baristas makin' hearts and zigzags in the caffe lattes.

"When you pour the milk in and the cream hits, it's just like a blank canvas on which to paint," the 36-year old said. Mr Phillips and fiancee Bernadette Farrugia started Flavors of Lakhoum in Swan St five years ago and he dabbled with the idea while pouring coffee.

"Sometimes you see swirls and patterns when you're pouring the coffee in, and one day I was pouring it and I saw an eye appear," he said. "From there I just drew in a mouth and ears. I've been slowly practising since then, but have got pretty good in the last few months - every month I find ways to add more detail."

Link
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
2.  On the advanced version control front, Codeville and Monotone seem to be making good progress but neither one has stabilized.

8:33:36 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  U.S. considering ratifying Cybercrime treaty

7:33:17 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Summer Is Coming; Will Your Mousing Hand Survive?
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Exuberant Ctags Insecure Temporary File Creation
3.  Linux Kernel NFS XDR DoS

7:33:16 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  The kids can't add, but they'll know the industry's stance on copyright. The MPAA has poured US$200,000 into developing an educational program aimed at teaching kids the MPAA's stance on copyright issues. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
CNET News.com
----------------------------------------------------------------------
2.  Yahoo gives IM 'all new' look. The launch of "The All New Yahoo Messenger" upgrade follows similar moves by rivals America Online and Microsoft.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Americans Head Back Online For Music (washingtonpost.com). washingtonpost.com - An estimated 6 million people have stopped downloading copyrighted music from the Internet over fears that they may be sued by the recording industry, but the overall number of Americans who download music is rising with the popularity of iTunes, Napster and other legitimate online music services, according to a survey released today by the Pew Internet & American Life Project.
4.  Japan's Konica Minolta to Build New LCD Film Plant (Reuters). Reuters - Japanese precision equipment maker Konica Minolta Holdings said on Sunday it would spend about 8 billion yen ($73.15 million) on a new factory to boost its capacity for liquid crystal display (LCD) film.
5.  Survey: Fewer Adults Downloading Music (AP). AP - Driven largely by fears of copyright lawsuits, more than 17 million Americans, or 14 percent of adult Internet users, have stopped downloading music over the Internet, a survey finds.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
6.  After DeCSS, DVD Jon Releases DeDRMS
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
7.  Vulns: Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability. Cisco Internet Operating System (IOS) is run on Cisco networking devices. The Simple Network Management Protocol is a protocol used by the affected devices to allow for r...
8.  Vulns: Linux Kernel ISO9660 File System Buffer Overflow Vulnerability. The ISO9660 File System is commonly implemented on CDROM and DVDROM media, and is processed within the Linux Kernel.

It has been reported that the Linux Kernel is prone ...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
9.  An update on RFID technology and its implications

6:32:55 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Beyond Megapixels
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
2.  Vulns: Epic Games Unreal Tournament Engine UMOD Manifest.INI Remote Arbitrary File Overwrite Vulnerability. Unreal Tournament is a popular first person shooter video game implemented for the Linux, Mac OS and Windows platforms. The Unreal Engine is at the foundation of a number...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  iStumbler 85 - "free, open source tool for finding wireless networks and devices with your AirPo...

5:32:37 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  French Lawsuit Challenges Google (AP). AP - AXA, the world's No. 3 insurer, is taking Google Inc. to court next month in the latest trademark challenge to threaten the heart of Google's business model — advertising.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  How The DMCA Affects Search Engines
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
3.  MSDN: Security in Longhorn: Focus on Least Privilege. They seem to have redefined "least privilege" to mean "not every privilege in the entire universe", but the no-risk permission set stuff looks like a step in the right direction (and proof that Microsoft knows a good Java feature when they see it).
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
4.  Vulns: NewsTraXor Remote Database Disclosure Vulnerability. NewsTraXor is a website management script implemented in ASP. It is freely available for Microsoft Windows.

Reportedly NewsTraXor is affected by a remote database discl...

5.  Vulns: PISG IRC Nick HTML Injection Vulnerability. pisg is an IRC channel statistics generator implemented in PERL. pisg will generate HTML pages from logs; the HTML pages are usually stored on a publicly accessible web s...

4:32:15 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Forgent sues over JPEG technology patent. The JPEG image format is an ISO standard. Like all ISO standards, it is supposed to be royalty-free, but Forgent Networks claims it has a patent on part of the technology. By Matt Woodward.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Anne Frank photos and film available on new website (AFP). AFP - Rare photographs and a short film of Anne Frank, whose diary of her time in hiding in Nazi-occupied Amsterdam made her a symbol of the Holocaust, are now available online, the Anne Frank House said.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  MPAA Funds School Programs In Copyright Dogma
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
4.  Vulns: Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities. xine is a freely available multimedia player designed for Unix/Linux variants. There is also a xine-lib, which is a C library that may be used to develop third party mult...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  First applications of the Perben II law

2:31:36 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  People Feel Loyalty To Computers
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
2.  Vulns: Neon WebDAV Client Library Format String Vulnerabilities. Neon is a client side library supporting HTTP and WebDAV interfaces. It is freely available under the GNU Public License for Unix and Unix variants.

It has been reporte...

3.  Vulns: Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability. GNU Mailman is a web integrated software package used for managing electronic mail discussion and e-newsletter lists. It is freely distributed under the GNU Public Licen...
4.  Vulns: Squid Proxy NULL URL Character Unauthorized Access Vulnerability. Squid is a freely available, open source web proxy software package. It is designed for use on the Unix and Linux platforms.

A vulnerability has been identified in the a...

5.  Vulns: CVS Client RCS Diff File Corruption Vulnerability. CVS is the Concurrent Versions System, which is a freely available open-source version management package. It is available for the Unix and Linux operating systems.

A v...

6.  Vulns: CVS Server Piped Checkout Access Validation Vulnerability. CVS is the Concurrent Versions System, which is a freely available open-source version management package. It is available for the Unix and Linux operating systems.

CVS...

7.  Vulns: XChat SOCKS 5 Remote Buffer Overrun Vulnerability. A remotely exploitable buffer overrun was reported in XChat. This issue exists in the SOCKS 5 proxy code.

This stack-based buffer overrun could be exploited by a mali...


1:31:20 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Gaim Forks To Get Voice And Video Support
2.  DCC2 Protocol for IRC file transfers
3.  Google's Gmail Goes Into Beta for Blogger Users
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Citibank Phishing scam currently in operation: Email received

1:31:17 PM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  More on London Booted. Following up on this BoingBoing post about the bootleg Clash remix project "London Booted," Will says:

We featured a preview of London Booted in issue-zero of our bootleg newsletter, which you can find here if you're interested (it's down the bottom in the "Coming Soon" section). We're also planning a follow up for issue-two (out 29th April) where we'll be talking to the remixers involved and also the guy who organised the project (only subscribers to the mailing list will get this issue).
Link
2.  Latte art. Cool blog about the designs baristas can make in the foamy milk that sits on top of your caffe latte. My favorite coffee hang in Los Angeles is Urth (even though I can never get a table), in part because their coffee is dark, sweet, earthy, and delicious -- and in part because the guys who make it draw little hearts and zigzags in the foam.
Link (Thanks, Jean-Luc!)
3.  Saudi Arabia and phonecams. The only Saudi blogger I know of, Alhamedi Alanezi, talks about phonecams and culture in his country. "When the Saudi people finally rise up in revolt and throw out the House of Saud," he says, "it won't be for democratic reform, and it won't be for an islamic republic. It'll be about mobile phones."
Link (Thanks, Mitchell)
4.  Web Zen: Archival Zen.

prelinger archive

early new york films

british pathe

project gutenberg

beinecke rare book library

british library

internet archive

stockstock festival


web zen home, web zen store, (Thanks, Frank).

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
5.  Update on Playfair

11:23:24 AM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  MidEast software heading for 70 percent piracy-free: watchdog (AFP). AFP - The Middle East is closing in on a target of being 70 percent software piracy-free in the next five years, an industry watchdog said in a statement to mark World Intellectual Property Rights Day.
2.  France vows crackdown on piracy as music sales slide (AFP). AFP - France's culture minister, Renaud Donnedieu de Vabres, vowed his country will get tough with illegal copiers of music and films, saying such piracy threatened French creativity.
3.  Police Seize Computers in Global Piracy Crackdown (Reuters). Reuters - Investigators seized 200 computers across the globe to break up online piracy networks that distribute copyrighted music, movies and software, the U.S. Justice Department said on Thursday.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  How does Google do it?

10:23:04 AM

----------------------------------------------------------------------
CNET News.com
----------------------------------------------------------------------
1.  Week ahead: A chain of security happenings. Security will be the focus in the coming week, as industry giant Symantec gears up to report quarterly results and two trade shows delve into the topic.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Speakers to Snowboards, iPod Owners Accessorize (Reuters). Reuters - Apple Computer Inc.'s (AAPL.O) iPod has inspired a thriving aftermarket for obsessive owners who want to add features to their digital-music player, or simply show it off in a pretty case.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Senate Mulls Internet Tax Ban - VoIP Exempt?

9:22:44 AM

----------------------------------------------------------------------
Help Net Security
----------------------------------------------------------------------
1.  HNS Newsletter issue 206 has been released

8:22:31 AM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  Open letter to crackhead. A San Francisco Craigslister has written an open letter to the crackhead who improvised a pipe from his motorcycle's sparkplugs:

On Wednesday morning I emerged from my girlfriend's building by U.N. Plaza to find that you had sawed the tops off both the sparkplugs on my motorcycle. At the time, I had no idea why anyone would do that. Other than the sparkplugs, the bike was untouched. Some kind of bizarre vandalism? A fraternity prank gone awry? I had no idea. All I knew is that I looked like a huge douchebag riding the Muni to work in a padded motorcycle jacket and helmet.

Because the bike was immobilized I got a $35 street sweeping ticket that night. Thursday I had it towed to the shop ($45) where they replaced the sparkplugs and the boots ($50 including labor). They explained to me that "people" - I use the term loosely here - like you break off the tops of spark plugs and use the porcelain tubes to smoke crack. As an engineer and former MacGyver fan, in a way I think this is kind of cool. But then I remember that I just paid $100 for YOUR crackpipes, and I get angry again.

Link

(Thanks, brecht!)

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
2.  Dilbert for 25 Apr 2004.
----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
3.  Rich to Get Richer if Google Goes Public. Tiger Woods, Shaquille O'Neal and Henry A. Kissinger are among those lucky enough to own a sliver of Google. By Gary Rivlin.
4.  Oh, Yeah, He Also Sells Computers. Steven Jobs, Apple's chief executive, has convinced the recording industry that he has found a solution for ending its nightmare of digital piracy. By John Markoff.
5.  Can the Technology Industry Grow Bigger, Not Just Older?. Sort through the celebrations and teeth-gnashing that accompanied the recent quarterly earnings reports, and one theme seems clear: tech is back. By Steve Lohr.
6.  Pssst, Computer Users . . . Want Some Candy?. For the millions of dollars corporations have spent on security systems for their computer networks, the weakest link remains the gullible user. By Gary Rivlin.
7.  Praise God and Pass the Music Files. Some Christians say file-sharing has become a high-tech way of spreading the gospel, and is consistent with their faith. By John Leland.
8.  A Plan for Wireless Telecommunications Network. The Lower Manhattan Wireless Redundancy System seeks to avoid a future disruption in phone service like that of Sept. 11. By John Holusha.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
9.  Teens Ring Up Market Share (washingtonpost.com). washingtonpost.com - Devin Walker, 16, is one of the cell phone industry's new best customers.
10.  Japan's Konica Minolta to Build New LCD Film Plant (Reuters). Reuters - Japanese precision equipment maker Konica Minolta Holdings said on Sunday it would spend about 8 billion yen ($73.15 million) on a new factory to boost its capacity for liquid crystal display (LCD) film.
11.  Gap, Wild Planet to Team Up on Spy Shorts (Reuters). Reuters - Wild Planet Toys, a toymaker known for its adventure and surveillance products, said on Thursday it is teaming up with Gap Inc.'s (GPS.N) GapKids unit on a line of cargo shorts with spy tools.
12.  TiVo Faces Off With Flattering Clones (AP). AP - Debra Baker tells people she has TiVo. But she really doesn't. The 33-year-old New York tax consultant has a variant — a digital video recorder offered through her cable company. She didn't know what "DVR" stood for until then.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
13.  NYS Senator Suggests Criminalizing Spyware
14.  The Venus Transit 2004
15.  526 Years On, Da Vinci's Clockwork Car Constructed
16.  Gaim Forks To Get Voice And Video Support
17.  Biometric ID Cards Ready For Trial In UK
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
18.  People feel loyalty to computers. Computer users tend to form strong ties with a particular machine, researchers have found.
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
19.  Vulns: Microsoft Windows COM Internet Service/RPC Over HTTP Remote Denial Of Service Vulnerability. Microsoft Windows supports a Remote Procedure Call (RPC) application programmer's interface (API) that allows applications to share publicly available objects in a distri...
20.  Vulns: Microsoft Windows Object Identity Network Communication Vulnerability. The Microsoft Windows operating system assigns each local application an object identifier; a unique number used to identify the application.

It has been reported that M...

21.  Vulns: Microsoft Outlook Express MHTML Redirection Local File Parsing Vulnerability. A vulnerability has been discovered in Outlook Express related to handling of MHTML file URIs that may be used to parse local files on a system. The vulnerability can be...
22.  Vulns: Microsoft Outlook Express MHTML Forced File Execution Vulnerability. A vulnerability has been discovered in Outlook Express related to handling of MHTML file and res URIs that may be exploited to execute a malicious file on affected system...
23.  Vulns: Microsoft Jet Database Engine Remote Code Execution Vulnerability. Microsoft Jet Database Engine (Jet) is used to provide data access to various applications such as Microsoft Access, Microsoft Visual Basic and other third party applicat...
24.  Vulns: Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability. The Michael Bacarella ident2 daemon runs as either a standalone daemon or as a child of inetd. The daemon is RFC1413 compliant and provides for remote system identificati...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
25.  10 years jail for false ID - Blunkett PR deploys rattle of shackles. Shouldn't there be stiff penalties for fraudulent use of sentencing policy? By John Lettice.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
26.  Sun Solaris 9 Secure NIS Map Exposure
27.  Netegrity SiteMinder Affiliate Agent Cookie Overflow
28.  HTML_NETSKY.P
29.  Trusted Computing/DMCA vs. Diebold Pentagon Paper
30.  Diebold knew of legal risks
31.  Judge: Tribune must turn over legal memos
32.  WormRadar Node Volunteers Help Graph Attacks
33.  WormRadar
34.  Call for volunteers to run WormRadar nodes
35.  Refining Web-Based Hypertext
36.  Phatbot/Agobot/Gaobot; More on MS SSL exploit; Mailbag
37.  BSD fts Routines chdir Traversal
38.  McAfee ePolicy Orchestrator Non-descript Command Execution
39.  Diebold May Face Criminal Charges
40.  BGP Denial Of Service Exploit

7:32:09 AM


© Copyright 2004 Gregg Doherty.
Last update: 5/3/2004; 12:27:06 AM.