2005 March

University offers spam and spyware writing course

Just freepin’ great… “The controversial computer science department at the University of Calgary has once again kicked off heated debate in the security industry by offering students a course in writing spyware and the tools for sending and propagating spam.
The move follows the introduction of a widely-criticised virus writing course offered by the university [...]

F-Secure Multiple Products ARJ Archive Handling Vulnerability

For those of you in Canada who have Shaw as your Internet provider and have the Shaw Secure package from them - you are running F-Secure antivirus and need to find out if it’s a version affected by this advisory (it probably is).
“Secunia Advisory: SA14216
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor [...]

PuTTY Two Integer Overflow Vulnerabilities

“Secunia Advisory: SA14333
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: PuTTY 0.x
Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be exploited by malicious people to compromise a user’s system.
1) An integer overflow in the “fxp_readdir_recv()” function in “sftp.c” can be exploited to execute arbitrary code via a malicious SFTP (SSH File Transfer [...]

Mono ASP.NET Unicode Conversion Cross-Site Scripting

“Secunia Advisory: SA14325
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Mono 1.x
Andrey Rusyaev has discovered a vulnerability in Mono, which potentially can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
The vulnerability is caused due to an input validation error in the sanitation of special HTML characters supplied as [...]

unace Directory Traversal and Buffer Overflow Vulnerabilities

“Secunia Advisory: SA14359
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: unace 1.x, unace 2.x
Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user’s system.
The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities has also been reported in versions 2.04, 2.2 and 2.5. [...]

Extend equipment life by following this PC cleaning checklist

Common sense recommendations appropriate to any computer - but too many of us don’t do them (including me) - except maybe to wipe the gummi bear laden fingerprints off of our monitors… “Cleaning PCs may not be the most interesting or challenging part of your job, but doing so can improve performance and extend the [...]

Cell phone voicemail easily hacked

“They got Paris Hilton’s contacts, and could get yours, too
Millions of cell phone users are at risk of having someone listen to their voicemail or steal their contact phone numbers and other private information, according to a report issued this weekend by an industry consulting firm.
Representatives from Sprint, Cingular, and T-Mobile confirmed the basic [...]

How much do you want the Internet to know?

Phone numbers are still the primary way most of us keep in contact. Handing over a number and an e-mail address is something we do automatically, sometimes without considering how that information will be used. Google has brought those considerations into the spotlight with aspects of their recently de-betad local search functions. Now, if a [...]

World Trade Organisation rules US cotton subsidies illegal

In another chapter of the never-ending story of global trade normalization, globalization, protectionism and the world economy, the BBC is reporting that the World Trade Organisation (WTO) has announced that cotton subsidies are illegal and must stop.
I can already hear you, dear reader, saying “so what?”. In fact, there’s a very big “so what” [...]

Geek Trivia: All-stars in the sky

“Richard Branson, founder and head of the sprawling Virgin Group business empire, actually managed to increase his already formidable Q rating by appearing on a reality television show that described him (and itself) as “The Rebel Billionaire.” So it should come as little surprise that it’s Branson’s Virgin Galactic that’s leading the marketing race [...]

The Enron Tapes

These are .wav files and .pdf transcripts of same from the recent (perhaps still ongoing) lawsuit by Snohomish County, WA about the Enron mess. Some find this stuff fascinating - I have to make an effort not to go there else I’d be lost for days… :-(
Website: The Enron Tapes

Windows for supercomputers likely out by fall

“Microsoft is aiming to have its first cluster version of Windows ready in time for a supercomputing conference this fall.
Software Architect Marvin Theimer said on Thursday that the company hopes to have a beta, or test version, by this summer, with the final version of Windows Server 2003 Compute Cluster Edition ready by the SC2005 [...]

Brazil Passes Law Allowing Crops With Modified Genes

Free registration required to read the article.
“In a significant victory for large biotechnology companies like Monsanto, Brazil’s lower house of Congress has overwhelmingly approved legislation paving the way for the legalization of genetically modified crops.
After months of delays and heated debate, legislators passed a biotechnology law late Wednesday night by a vote of 352 to [...]

Shower Shock Caffeinated Soap

Hey, Chris! Can’t drink coffee any more? Don’t worry, you can still get your daily ration of caffeine… “Mornings Have Never Been So Invigorating!
Tired of waking up and having to wait for your morning java to brew? Are you one of those groggy early morning types that just needs that extra kick? [...]

Gmail says my Paypal messages aren’t legit?

Dave, I was reading a message from Paypal on my new Gmail account and it had this big red warning on the top saying “Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.” What [...]

Tor v0.0.9.5 Released

Open source. “Tor: An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers [...]

WB on DVD

“Warner Bros. is the new Criterion Collection. How the DVD label cleaned up its act (and its digital transfers).
People don’t pay much attention to the name of the studio on a DVD. (Nobody I know says, for instance, “Let’s go rent a Paramount movie tonight.”) The single exception, of course, is the Criterion Collection, which [...]

First solo, non-stop round the world airplane flight

Steve Fossett has done it. Again. At approx. 1:50 pm local time (19h50 GMT) this afternoon, famed American pilot Steve Fossett returned to Salina Municipal Airport and once again flew straight into the history books, becoming the first person to achieve a solo, non-stop round the world airplane flight aboard the extraordinary single jet-engine powered [...]

Customer vs. Bank of America: Who’s to blame?

Donald Smith writes on SearchSecurity.com, “Who will win a landmark case on customer data protection?
Who decides whether a business is responsible for your data, or if you yourself are? Now it may be a judge and jury.
According to a report in The Register, Joe Lopez, a small businessman from Florida, alleges that Bank of America was [...]

Mozilla, Firefox, Thunderbird Vulnerabilities

Mozilla / Firefox “Save Link As” Download Dialog Spoofing
SECUNIA ADVISORY ID: SA13258
SOLUTION:
The vendor has issued updated versions.
Mozilla Firefox 1.0.1:
http://www.mozilla.org/products/firefox/
Mozilla 1.7.5:
http://www.mozilla.org/products/mozilla1.x/
Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting
SECUNIA ADVISORY ID: SA14406
SOLUTION: Do not drag images to the address bar.
Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA14407
SOLUTION:
Firefox:
Update to version 1.0.1.
http://www.mozilla.org/products/firefox/
Mozilla:
The vulnerabilities have been fixed in [...]