Date: 10/18/05 (Security)    Keywords: software, security

Cisco is adding new security software to all its products including Ethernet switches and wireless gear.

Source: http://news.zdnet.com/Cisco+extends+NAC+security+to+switches/2100-1009_22-5898169.html?part=rss&tag=feed&subj=zdnn

Date: 10/19/05 (Security)    Keywords: security

Quarterly update includes fixes for a slew of security vulnerabilities in many Oracle products--many of wich carry Oracle's most serious rating.

Source: http://news.zdnet.com/Oracle+fixes+bugs+with+mega+patch/2100-1009_22-5900784.html?part=rss&tag=feed&subj=zdnn

Date: 10/19/05 (Security)    Keywords: security

U.K. government's plans for a mandatory biometric ID card opens British citizens up to "huge potential breaches," security exec warns.

Source: http://news.zdnet.com/Microsoft+exec%3A+ID+cards+pose+security+risk/2100-1009_22-5900411.html?part=rss&tag=feed&subj=zdnn

Date: 10/18/05 (Security)    Keywords: browser, security, microsoft

"Critical" flaw affects Microsoft's media player and browser, including on Windows XP with SP2, a security firm reports.

Source: http://news.zdnet.com/Security+flaw+touches+Windows+Media+Player%2C+IE/2100-1009_22-5899448.html?part=rss&tag=feed&subj=zdnn

Date: 10/19/05 (Java Web)    Keywords: software, java, security

Unisys is putting Open Source Java software technologies (J2EE stack) directly on the mainframe using a native Java virtual machine. Why? to improve the scalability, security and transactionlity integrity of J2EE apps; to make it easier for J2EE and mainframe assets to communicate with one another; and to provide n-tier Java/J2EE and mainframe developers a “back door” entry point [...]

Source: http://blog.taragana.com/index.php/archive/open-source-java-software-stack-j2ee-goes-mainframe/

Date: 10/20/05 (Security)    Keywords: software, browser, security, web

With release 8.0.4, Netscape is now up to date on security patches with the underlying Firefox Web browser software.

Source: http://news.zdnet.com/Netscape+update+fixes+Firefox+bugs/2100-1009_22-5902868.html?part=rss&tag=feed&subj=zdnn

Date: 10/20/05 (Security)    Keywords: security

Company says it can't compete with security suites offered by others and instead will focus on its server-based firewall products.

Source: http://news.zdnet.com/Kerio+to+scrap+desktop+firewall/2100-1009_22-5903250.html?part=rss&tag=feed&subj=zdnn

Date: 10/22/05 (Security)    Keywords: security

A federal security-check process will be ready in 2007, not in time for next year's elections, a government report says.

Source: http://news.zdnet.com/E-voting+won%27t+be+verified+until+2006/2100-1009_22-5907036.html?part=rss&tag=feed&subj=zdnn

Date: 10/26/05 (Security)    Keywords: security

Security advisory: Published exploit could take advantage of flaw in the open-source intrusion protection system.

Source: http://news.zdnet.com/Snort+exploit+published/2100-1009_22-5915111.html?part=rss&tag=feed&subj=zdnn

Date: 10/26/05 (Security)    Keywords: security

Hackers go for gain rather than pain, a study from security firm Cybertrust says.

Source: http://news.zdnet.com/Zotob+damage+deep+but+not+widespread/2100-1009_22-5915591.html?part=rss&tag=feed&subj=zdnn

Date: 10/26/05 (Security)    Keywords: security

A test version of the subscription security product adds MSN Messenger scanning and better "help" features.

Source: http://news.zdnet.com/Microsoft+adds+to+OneCare+security+beta/2100-1009_22-5915426.html?part=rss&tag=feed&subj=zdnn

Date: 10/27/05 (Security)    Keywords: software, security

Software maker is coming under increased fire from security researchers who say its patch process is "years behind" other companies.

Source: http://news.zdnet.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1009_22-5916171.html?part=rss&tag=feed&subj=zdnn

Date: 10/29/05 (Security)    Keywords: security

New approach to selling services is aimed at getting customers to buy more than just security testing, code review.

Source: http://news.zdnet.com/Symantec+looks+to+sell+more+services/2100-1009_22-5920597.html?part=rss&tag=feed&subj=zdnn

Date: 10/29/05 (Security)    Keywords: security, spyware

Pest spreading via America Online's network delivers a cocktail of spyware, security company warns.

Source: http://news.zdnet.com/AIM+worm+plays+nasty+new+trick/2100-1009_22-5920403.html?part=rss&tag=feed&subj=zdnn

Date: 10/29/05 (PHP Community)    Keywords: php, security, web

i have a case where i'm trying to provide some unsubscribe functionality via a link to a website in an email. i need to encode some information in the url, specifically a user id and a list so i know who they are and which list they are unsubscribing to. Security is of course important, I don't want anyone to be able to just submit with random user ids and lists so i need to encode it with some sort of obfuscation, but also with a checksum or something that would prevent tampering or at least let me know.

Anyone have any experience with this or ideas? ideally, i'd like to use something readily available in PHP (and also perl if possible since the encrypting part will happen in perl, but presumably i could port easily enough). maybe like generate a url string, such as "user_id=x&list=y", base64 encode it (which also shrinks it and is a plus) and then add a crc byte on the end? then my url would be http://www.example.com/file.php?hash="gobbledygook"

does anyone know of something in PHP that would do this? if not any suggestions for rolling your own (like algorithms, i don't need actual code probably unless you either have it, know of it on a free site, or really feel like writing it ;-) ) maybe using compression utils with a password? that would i think require recompiling php or using external programs which is doable, but not as desireable. plus if someone guessed the password, they could decrypt, but i suppose that is true for any algorithm that's one way. perhaps using ssl or pgp somehow? having 2 keys, then no one could decrypt it without the private key? that might be overkill. or mhash for hashing, but then might that be easy to crack and can it be computed in perl?

xposted to php-dev

Source: http://www.livejournal.com/community/php/360630.html

Date: 10/29/05 (PHP Development)    Keywords: php, security, web

i have a case where i'm trying to provide some unsubscribe functionality via a link to a website in an email. i need to encode some information in the url, specifically a user id and a list so i know who they are and which list they are unsubscribing to. Security is of course important, I don't want anyone to be able to just submit with random user ids and lists so i need to encode it with some sort of obfuscation, but also with a checksum or something that would prevent tampering or at least let me know.

Anyone have any experience with this or ideas? ideally, i'd like to use something readily available in PHP (and also perl if possible since the encrypting part will happen in perl, but presumably i could port easily enough). maybe like generate a url string, such as "user_id=x&list=y", base64 encode it (which also shrinks it and is a plus) and then add a crc byte on the end? then my url would be http://www.example.com/file.php?hash="gobbledygook"

does anyone know of something in PHP that would do this? if not any suggestions for rolling your own (like algorithms, i don't need actual code probably unless you either have it, know of it on a free site, or really feel like writing it ;-) ) maybe using compression utils with a password? that would i think require recompiling php or using external programs which is doable, but not as desireable. plus if someone guessed the password, they could decrypt, but i suppose that is true for any algorithm that's one way. perhaps using ssl or pgp somehow? having 2 keys, then no one could decrypt it without the private key? that might be overkill. or mhash for hashing, but then might that be easy to crack and can it be computed in perl?

xposted to php

Source: http://www.livejournal.com/community/php_dev/61842.html

Date: 10/31/05 (Security)    Keywords: security

No plans to get into identity management but more megadeals on the horizon, a top executive at the security giant says.

Source: http://news.zdnet.com/Symantec%3A+No+end+in+sight+for+acquisitions/2100-1009_22-5924193.html?part=rss&tag=feed&subj=zdnn

Date: 11/01/05 (Security)    Keywords: security, virus, antivirus

Security researcher says an issue in several antivirus products could let malicious files pass undetected, but some in the industry say it's not a flaw.

Source: http://news.zdnet.com/Evasion+bug+bites+virus+shields/2100-1009_22-5924738.html?part=rss&tag=feed&subj=zdnn

Date: 11/02/05 (Security)    Keywords: security

Acquisition of hosted secure enterprise instant messaging provider is MessageLabs' ticket into the instant messaging security fray.

Source: http://news.zdnet.com/MessageLabs+to+buy+OmniPod+for+IM+security/2100-1009_22-5927144.html?part=rss&tag=feed&subj=zdnn

Date: 11/02/05 (Web Development)    Keywords: php, mysql, software, html, technology, database, sql, security, apache

This is a follow up to the post I made before regarding this database connection problem I'm having. (http://www.livejournal.com/community/php/359304.html)

After receiving responses from people that suggested I install the MS SQL PHP functions, I inquired with my IT contact (we are a large institution and therefore have ridiculous amounts of red tape to deal with) as to whether or not they could be installed.

This is what I was told:

We do not support MSSQL odbc connection on our Sun Solaris server running Apache. mssql_connect would require a staff member who knows the technology, purchase of licensed software (which we do not have), and recompiling of Apache that may potentially break other users code. Also, there would be MSSQL security issues if we were to open up or authorize connections to it from our Sun Server, we host a variety of departmental databases on that SQL server, that could be a potentially serious problem if any of our other databases we to be compromised. Sorry for the inconvenience, but that is the story.


If I can't connect to that database, the entire project that I'm working on is going to be fucked and I have a 11/21 deadline. I need to know two things, if any of you can discern from all of this:

1. Is it EVER going to be possible for me to connect to that database? Or should I just stop wasting my time and create another for my personal use?

2. If it is possible, can someone tell me how? :(

Thanks everyone.

Cross posted to PHP/MySQL communities.

Source: http://www.livejournal.com/community/webdev/263959.html