QODS ec

Wednesday, May 19, 2004

I was just about halfway done with this and somehow my browser got frozen and I lost all my work. SAVE, SAVE and then SAVE: that should be my motto. Now on with today's news.


Headlines:


Seems like what was said at theunofficialgoogleweblog was true: some people that were directly invited by Google had experienced a significant increase in the space allocated. It went from 1 GB to 1 TB (1000 GB). Gmail became normal today, although I did take the time to have a snapshot taken of Gmail while it had the 1 TB feature, shown below.



There might be a couple of explanations for this:
1) It is a big mistake and someone made a typo.
2) A future feature that might be available to paid members or even free.
3) Google just wanted to go into the record books as the first to offer 1 TB email.

Numerous sites caught on to it: News.com and Slashdot were the ones I noticed.

Tonight Live: Advanced Unix Programming on The Linux Show!! Catch the show Tuesday, 08:00PM CDT (Wednesday, 01:00AM GMT). The Linux Show.


Linux News:


A lengthy review has been done by KernelTrap with Andrea Arcangeli.
Andrea Arcangeli is well known for having completely rewritten and stabilized the virtual memory subsystem in the 2.4 Linux kernel. Many were surprised when Linus Torvalds merged Andrea's VM into 2.4.10, but the new memory subsystem has long since proved itself. Andrea is a 27 year old Linux kernel hacker living in Italy and working for SUSE.
Check it out here

Fedora Core 2 has been released for a few days, but some were not able to download the ISOs. A couple of sites have featured articles on Red Hat's free desktop. News.com and LXer.com were some of the many. Here is a summary of some of Fedora's new features:

In this release, the XFree86™ X11 implementation has been replaced with the X.org Foundation's new official X11R6.7.0 X Window System release. This release is a merger of the previous official X11R6 release, XFree86 4.4.0rc2, and additionally includes a number of updates to Xrender, Xft, Xcursor, fontconfig libraries, and other significant improvements. Refer to the X.org X11R6.7.0 release notes for more information:
Fedora Core 2 is now based on the 2.6 kernel, which includes improvements in many different areas, including scalability, device support, and performance.
Fedora Core 2 includes GNOME 2.6, which includes many improvements in terms of usability, stability, and speed.
Fedora Core 2 includes KDE 3.2.2, which is a maintenance release correcting numerous problems, and includes enhanced support for existing translations.
Fedora Core 2 includes Xfce 4, a lightweight desktop environment based on GTK+ version 2. For more information, refer to the Xfce project website:

Please read the Release Notes for more information. Download mirrors are available here and a humorous set of release notes is available from LXer.com.

Linus' Tux asked to wonder, "who is my real daddy?" As a continuation from yesterday, many sites gave different views about Linux. In the end this whole issue will not change a thing and the open source movement will prevail.


Cyber Security News:


The "Mac OS X URI Handler Arbitrary Code Execution" advisory released by Secunia has been labeled Extremely Critical by Apple according to this article. Sorry, I am not a Mac guy so I will not venture into this too much, but here is some of the description given by the advisory:
Description:
Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.
1) The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using "help:runscript".
2) It is reportedly also possible to silently place arbitrary files in a known location, including script files, on a user's system using the "disk" URI handler.
Various variants of the URI handler vulnerabilities are currently being discussed.
This has been confirmed on Macintosh OS X using Safari 1.2.1 (v125.1) and Internet Explorer 5.2. Other browsers may also be used as attack vectors.
NOTE: The rating has been upgraded to "Extremely Critical" because the issues are very easy to exploit and a large number of working exploits are available.



Half-Life code leak could be due to the Phatbot Trojan
Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
Anti-virus—The Old-Fashioned Way Is Still Best
Embracing the Art of Hacking
Plug pulled on U.S. cable pirates leaves Cubans' satellite TV in dark
Cisco Code stolen: Wired, Channel Zone, and Tech News World



Viruses and Worms


The Kibuv worm and the Bobax Trojan are growing more desperate to spread faster. The Kibuv worm, for example, affects Windows 98 through Windows 2003 and carries with it 5 exploits to use, as well as the code to access FTP servers on machines previously compromised by Sasser. Symantec has published some technical details on how to spot the Kibuv worm.

W32.Kibuv.B is a worm that attempts to spread itself through IRC, FTP, and exploiting vulnerabilities on remote computers.
Variants: W32.Kibuv.Worm
Type: Worm
Infection Length: 18,944 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX, Windows 3.x
CVE References: CAN-2003-0533, CAN-2003-0717, CAN-2003-0109, CAN-2003-0352


When W32.Kibuv.B is executed, it performs the following actions:
1. Starts an FTP server that accepts any username and password combination on TCP port 7955. All attempts to download a file from the FTP server will receive a copy of the worm.
2. Connects to the IRC server, irc.nugs.us, on port 6667 and waits for commands from an attacker.
3. May attempt to scan for and exploit one of the following vulnerabilities in order to spread:
* Buffer Overrun in Messenger Service (described in Microsoft Security Bulletin MS03-043).
* IIS 5.0 WebDAV3 (described in Microsoft Security Bulletin MS03-007).
* The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS01-059).
This vulnerability is exploited by sending a specially crafted NOTIFY directive to the UPnP service, which listens on TCP port 5000.
* Buffer Overrun In RPC Interface (described in Microsoft Security Bulletin MS03-026).
* LSASS vulnerability (described in Microsoft Security Bulletin MS04-011).
* The backdoors created by W32.Weird and W32.Beagle@mm.
* The FTP server the W32.Sasser family of worms creates.
4. Attempts to connect to other IRC servers and send an address to IRC users.
For example, it may send "ftp://z:z@:7995/bot.exe".
5. Listens on TCP port 420 and waits for command from the remote attacker.
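
The network behaviour in the list above can be checked against `netstat -an` output from a Windows host. The following is an added example, not part of Symantec's write-up or the original post; the function names and the sample lines are constructed for illustration, and the ports are the ones quoted above.

```python
# Ports from the behaviour list above. The page gives 7955 for the FTP server
# but 7995 in the advertised ftp:// URL, so both are checked.
LISTEN = {7955: "worm FTP server (step 1)", 420: "command listener (step 5)",
          7995: "FTP port in advertised URL (step 4)"}
IRC_PORT = 6667  # outbound IRC control channel (step 2)


def _port(endpoint):
    """Return the port of an 'addr:port' endpoint, or None if not numeric."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def kibuv_indicators(netstat_text):
    """Return sorted (indicator, socket) findings from `netstat -an` text."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 4 fields; headers and UDP rows are skipped.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, foreign, state = fields
        if state == "LISTENING" and _port(local) in LISTEN:
            findings.add((LISTEN[_port(local)], local))
        elif state == "ESTABLISHED" and _port(foreign) == IRC_PORT:
            findings.add(("outbound IRC connection (step 2)", foreign))
    return sorted(findings)


def verdict(findings):
    """IRC alone is common, so a strong match needs two distinct indicators."""
    kinds = {kind for kind, _ in findings}
    return "likely infected" if len(kinds) >= 2 else "investigate" if kinds else "clean"


# Constructed sample in Windows `netstat -an` layout, not from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:420            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7955           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for kind, sock in kibuv_indicators(SAMPLE):
        print(f"{sock:22} {kind}")
    print(verdict(kibuv_indicators(SAMPLE)))
```

A lone connection to port 6667 is reported as "investigate" rather than a match, since ordinary IRC clients produce the same row.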


The Bobax Trojan, however, is, according to eWeek, a Trojan that is capable of spreading semi-automatically. Known as Bobax, the Trojan can only infect machines running Windows XP and seems to exist solely for the purpose of sending out large amounts of spam, according to an analysis by LURHQ Corp., a managed security services provider.
The Trojan is dropped onto target systems via a file named Svc.exe, which then extracts a DLL and places it in the process space of Explorer.exe. Once executed, Bobax copies itself to the Windows system folder and creates two registry keys.
The Trojan then tries to connect to four Web sites, and if it gets a connection, it looks for one of four specific commands from the remote Web server.
The server, apparently controlled by the Trojan's creator, can instruct the program to download and run another program, scan and infect other machines, stop scanning or send spam from a preloaded e-mail template and address list.
The interesting thing about this command sequence is that it enables the Trojan's creator to send spam from remote machines without having to connect to the PCs to send each separate piece of e-mail.
The technical analysis done by LURHQ can be found here.

After much of the fuss about how police have captured the author of the worm, the worm is still spreading and some more variants are surfacing. eWeek had two such articles today, Sasser Worm Attack On The Decline and Sasser.D Worm Arrives, Ready to Do Damage; this is an irony.



Google News:




Google Groups 2 Beta Brings Personalization Features. The website should be http://groups-beta.Goggle.com/ but currently I am getting a Server Error when I try to access it.

After Google had raised the bar with GMail, Yahoo tried to do the same. Not quite enough for me is 100MB since my GMail is 106MB full. 11% full today and 0% full yesterday. Yahoo boosts free e-mail storage to 100MB.


Misc:



Looks like some people have seen the benefit of open source. eWeek today has an article titled Blogging Technology Going Open Source which reveals plans by UserLand Software Inc. to release the Frontier platform under open source licenses, effectively joining in the open source revolution.

Here are some screen shots of the upcoming Halo 2.

Book Review: Ethereal Packet Sniffing.

Camera Phones Link World to Web
