Linux compression format flaw exposed
A critical flaw in a compression format widely used in Linux and Unix can give hackers a way into machines, say security experts.
A patch for the zlib library isn't available, but several Linux and BSD distributors have rolled out fixes of their own, reports Techweb.
The bug, which affects the current version of zlib 1.2.2, can be exploited to create a denial-of-service attack, which could crash any application using the library or let the attacker plant code of his own remotely, according to Danish security firm Secunia.
The company rated the zlib vulnerability as "highly critical", its second most dire warning.
Trojan poses as London bombing video
MessageLabs, a provider of e-mail security and management services, has found a Trojan that is distributed via e-mails purporting to carry a video news clip of last week's London bombings, Techtree reports.
The e-mail containing this Trojan has been made to appear as a CNN newsletter that asks recipients to see attachments for unique amateur video shots.
Once executed, the Trojan attempts to obtain a list of the SMTP servers that the victim's machine is configured to use and starts to use these servers to send large volumes of unsolicited mail.
Cisco, Yahoo fight spam
In a rare display of industry cooperation, Yahoo and Cisco merged their e-mail authentication specification, Internetnews reports.
The Domain Keys Identified Mail (DKIM) specification is the combination of two related, competing technologies: Yahoo's Domain Keys and Cisco's Identified Internet Mail (IIM).
"With DKIM, we're helping other e-mail service providers, Internet service providers, financial institutions and e-commerce companies to protect their e-mail customers," says Yahoo anti-spam manager Miles Libby.
"We look forward to continued industry collaboration on DKIM in an effort to create an open e-mail authentication standard that is available to the industry at large."
DKIM aims to limit the amount of spam that is increasingly finding its way into people's inboxes.
Hacker magazine bows out
Hacker magazine Phrack is to close its doors after almost 20 years serving the darker side of the Internet and communications community, CNET reports.
Yet the anti-virus and security industries say they will be sorry to see the back of the title that was run by, and for the benefit of, those they seek to thwart.
"Phrack's visibility was a blessing in disguise, pretty much in the same way as the Full Disclosure community," says Pete Simpson, ThreatLab manager at security company Clearswift, referring to the unmoderated Full Disclosure forum for disclosure of security information.
In the past, some hackers have brought about their own downfall by feeling the need to brag about what they have done and what they are capable of.