“A potential security vulnerability has been discovered in the
handling of the environment variable, ORACLE_HOME. A buffer
overflow is caused when the Oracle binary, otrcrep, translates the
environment variable, ORACLE_HOME, into a string of 240 or more
bytes. The Oracle binary otrcrep runs with the SETUID oracle
privileges in the operating system DBA group. The buffer overflow
may be exploited by a local user to force overwriting of stack
variables in shared memory including the return memory address(es)
and thereby execute arbitrary (or specific, malicious) code with
the privileges of the oracle user and/or the DBA group privileges.” Details at Help Net Security.

Commentary from Sun’s Whit Diffie and Susan Landau: “Remember, Willie Sutton used to rob banks because “that’s where the money is.”

Suppose that in a year or two Microsoft has succeeded in funneling the lion’s share of information about
people’s identities, preferences, financial assets, and shopping habits to itself and putting them all in one
big database. If Microsoft can’t protect its own systems: what hope is there for Microsoft databases that
will contain the credit, locations, and private files of millions upon millions of users?” Posted at kingpublishing.com.

OSBlue writes “A few days ago, news emerged regarding the OpenBeOS project, while now there is more information regarding the other effort to ‘save’ BeOS, BlueOS. BlueOS uses the Linux kernel 2.4.12 and Xfree as as the base of their OS. For now, they are building a BeOS look-alike Interface Kit and BeOS app_server on top of XFree, so it is not just a simple window manager, but a whole new API and environment. In future versions, the BlueOS team will completely bypass XFree and have a stand alone BeOS compatible app_server which will only use some of the XFree’s system calls to be able to use its 2D/3D drivers. Guillaume Mailard, team leader in the BlueOS project gives more infomation in an interview to OSNews.”

Kelly McNeill writes “Yahoo Inc. fired a volley at rival Microsoft on Tuesday by unveiling downloadable software that allows users to replace an array of Microsoft operating system and browser features with its own. The Yahoo software, called Essentials, enables users to easily install Yahoo’s home page, e-mail, search, instant messaging and address book as their preferred settings. The software circumvents Microsoft’s efforts to keep users of the Windows operating system and Internet Explorer browsers in its own Internet universe.”

Reported at CNET News.com: “In 2003, HP will upgrade its 64-processor Superdome with a 128-processor goliath using HP’s
PA-RISC 8800 chips, said Mark Hudson, worldwide marketing manager for HP’s business
systems and technology organization. The 8800 chips combine two CPUs on a single slice of
silicon, a technique pioneered by IBM with its new Power4 chip.”

From The Register, commenting on ICANN’s questionable rejection of a domain registrar’s bid to join one of that organization’s governing bodies: “Why is ICANN so over-sensitive to any group that dares to question how things are
done? Any organisation afraid to embrace change or criticism is doomed to failure.
The fact that that organisation runs the Internet – the greatest leap forward in
communication among men since the telephone – makes it all the more ironic.”

From Network World Fusion: “Microsoft CEO Steve Ballmer introduced and
extolled the virtues of the company’s new operating
system, Windows XP, at its launch Thursday. The
big draw of the new product will be innovations by
Microsoft’s partners, he said, addressing some of
the concerns users might have about upgrading to its
newest product.”

Slashdot readers discuss a CNet story describing the disappearance the
AOL/Gateway/Transmeta Internet Appliance.

Ana Monsanto writes, With the release of the Internet Exchange Messaging Server (IEMS) 5.1, International Messaging Associates (IMA) announces new tools to spark the interest of users and software developers. The latest messaging solution rolled out by IMA supports a C/C++ Message Queue Application Programming Interface (MQAPI). In order to benefit both users and software developers, IMA is also offering free 15-user permanent licenses for a limited time.
IEMS is an open-architecture, fully featured messaging system that conforms to Internet standards. It guaranties smooth and reliable transmission of messages over the Internet. At the heart of IEMS are a number of components working together to submit and retrieve messages to and from the Message Queue. By opening the MQAPI, third party developers are now given the tools to create new solutions that enhance functionality of the messaging server. The open MQAPI provides them with the essential tools that allow the creation of archiving agents, content filters, gateway modules, and more.
“This presents a significant opportunity for developers to create solutions that will immensely benefit the users”, said IMA’s President Tim Kehres. “Using this API, programmers can easily develop messaging applications that add new functionality and security”, he added further.
Messages arriving to the IEMS MTA enter via various input channels, such as SMTP, Distribution Lists, gateways, and others. Messages submitted to these channels are placed in their respective input queues in the Message Queue Server. Once submitted, a lookup is performed to determine the address and the appropriate output channels needed so that the proper routing information can be created. Preprocessor operations such as virus scanning, spam checks and disclaimer insertion are then performed. The Open MQAPI provides software developers with the ability to develop additional preprocessor application modules.IMA designed the Attachment Removal Filter module as an example for IEMS5.1, and is releasing it as open source to demonstrate to developers how to effectively utilize the new API.
The Attachment Removal Filter Module of IEMS5.1 is a preprocessor plug-in capable of stripping messages of file attachments that are deemed to be undesirable, or potentially carrying viruses. The module checks the type of email attachment against file types that have been configured by the administrator. If the type is an unwelcome one, IEMS automatically deletes the attachment and sends a notification message to the postmaster. IEMS5.1 provides a user-friendly interface for systems administrators to configure filter parameters and choice of action. Both inbound and outbound messages could undergo the same address resolution, expansion and processing.
IEMS 5.1 is available in both the Microsoft Windows and Linux operating systems. Support for HP-UX and Solaris will also be available by the end of this month. IEMS5.1 can be downloaded at http://www.ima.com/download/free15user.html and up to 2,000 15-user licenses can be obtained free of charge from the online registration system at http://www.ima.com/purchase/15user.html. This special offer lasts until either November 30, 2001 or after 2,000 free licenses will have been issued, whichever comes first. Please visit http://www.ima.com/promotions/free_15_user_promo.h tml for additional details obout this offer.Sales and Marketing Contacts:
Eric Arandez (jearandez@ima.com)
Ana Monsanto (marcana@ima.com)
Toll Free No.: +1 (800) 549-2762
Fax: +1 (888) 562-3561

Website: http://www.ima.com

John Gowin writes, “Linux Orbit takes a look at the alpha release of the KaZaa network client for GNU/Linux. Although primitive, it gets the job done and hooks up GNU/Linux users to the most popular file sharing network since Napster closed its doors to open source clients. Read can the review here.”