The Register reports that a flaw in the Win-2K SMTP authentication scheme
“allows unauthorized users to access the system using bogus credentials and
bounce spam and death threats off unwitting users’ machines with impunity.”

The announcement is at Galeon’s SourceForge site. Changelog included.

Mozillaquest.com reports, “Look for the next Netscape 6.1 Preview Release soon. Current plans are to build the Netscape 6.1 PR 2 browser-suite from Mozilla Milestone 0.9.2, which was released last Friday. Netscape 6.1 Preview Release 1 was released June 13, 2001. Netscape 6.1 will be an upgrade from the current Netscape 6.0 and Netscape 6.01 browser-suite editions. It´s for the Linux, Macintosh, and Microsoft Windows platforms and will be available for free downloading on the Netscape FTP servers when it is released to the public.”

Alix Guillard reports on the July 4 session at the meeting in Bordeaux, France: “Presentation of the LSM took place in the great auditorium of ENSEIRB.
Pierre Jarillon explain the aim of the Meeting. He told the in the
early time when he was developing software for the space shuttle Ariane,
he had to take often the train to install its new software in different
areas where his company had subsidiaries. He enjoyed a lot chatting
with his colleagues while the tapes were running. Then he get connected with
the network and could install remotely his software, he realized that
since then, he could not have the same relationship he used to have with
his remote colleagues. “Free Software developers work together on the same project from many
different location in the world and have very few opportunity to meet in
real life. This is why he had the idea of creating this ‘Libre Software
Meeting’ in order to allow libre workers to see each other, to share
ideas and knowledge through conferences; meet each other, exchange
fingerprints and enjoy their stay in Bordeaux.

“More about it: http://lsm.abul.org/.”

From Newsbytes: “A hacker or hacker group has gone on a defacement rampage in Australia, altering the front pages of at least 48 sites in the last
seven days … The Web sites have no other links, with government, charity and commercial all targeted. However, according to Alldas, all sites
were hosted on the Microsoft Web server platform.”

From Net-security.org: ”

Due to unsafe temporary directory usage a local attacker
could remove any file called ‘cookies’ on the system.”

Mozilla.org: “Mozilla Community Day takes place on the last day of the O’Reilly Open Source Conference in the Conference facilities, and is
designed to complement the presentations of the Mozilla Track. Those who attend the Conference will have had 2 days of
presentations from experts about where we are and how to use the Mozilla code. During Community Day, we’ll move the focus to
look at what people are doing with Mozilla, how we work together and where we ought to be going. We’ll shift the format as well,
moving to discussion, brainstorming, Q & A and getting to know each other.”

Wired: “Proprietary information on U.S. businesses that was supposed to be confidential was left wide open on a U.S. Commerce Department website pushing a privacy initiative with Europe.”

pkej writes: “Jo Henrik Endrerud has written an article at zez.org concerning common security flaws in PHP scripts (and in deed some other languages). It’s a fairly short article which also gives easy to implement solutions.”

–
By Andrew Orlowski –

– The Register –

Eazel went titsup.tar.gz in March, having burned through $13 million trying to make a business of selling services around Nautilus.
But the GPL software lives on. A new release 1.04 issued yesterday includes both real and cosmetic fixes, and doesn’t keep trying to force the now-defunct Eazel services down the user’s throats. So it’s leaner for that.

A quick list of fixes can be found here at LinuxToday, or at the Nautilus home page at FreshMeat.

It’s Friday, and we feel an apt_get coming along …

All Content copyright 2001 The Register