-
Study: IM threats zooming up
Date: 11/02/05
(Security) Keywords: security, virus
Messaging security company says its data shows a 1,500 percent increase in worms, viruses and other pests targeting IM networks.
Source: http://news.zdnet.com/Study%3A+IM+threats+zooming+up/2100-1009_22-5928790.html?part=rss&tag=feed&subj=zdnn
-
user input
Date: 11/02/05
(PHP Community) Keywords: mysql, database, sql, security, spam
For the last few days someone has been testing my various forms to see if they can send 'extra' email headers. Stupid spammers...
This got me thinking about ways of 'cleaning up' user input, and I was wondering how other people go about it. I know input validation depends on what exactly the input is (ie guestbook comment would be treated differently to a query string), but in general terms
my current method involves stripping newline characters (\r\n), stripslashes (and then mysql_real_escape_string anything that's going into a database), trim, and strip_tags if need be.
I also have some things that use regular expressions to check/remove any unwanted characters etc. I'm probably missing lots of important things, but I seem to be picking stuff up as I go along, and I'm getting quite paranoid about security, which can't be a bad thing. heh.
Anyone else got a different approach, or any general tips/links?
Source: http://www.livejournal.com/community/php/363396.html
-
Now I'm really screwed.
Date: 11/02/05
(PHP Community) Keywords: php, mysql, software, html, technology, database, sql, security, apache
Edit: Thank you all for your help and suggestions. I had a meeting with my server administrators and have found that it would just be easier to dump and import the data into my own little MySQL database. But I learned a lot in this process thanks to you all!
This is a follow up to the post I made before regarding this database connection problem I'm having. (http://www.livejournal.com/community/php/359304.html)
After receiving responses from people that suggested I install the MS SQL PHP functions, I inquired with my IT contact (we are a large institution and therefore have ridiculous amounts of red tape to deal with) as to whether or not they could be installed.
This is what I was told:
We do not support MSSQL odbc connection on our Sun Solaris server running Apache. mssql_connect would require a staff member who knows the technology, purchase of licensed software (which we do not have), and recompiling of Apache that may potentially break other users code. Also, there would be MSSQL security issues if we were to open up or authorize connections to it from our Sun Server, we host a variety of departmental databases on that SQL server, that could be a potentially serious problem if any of our other databases were to be compromised. Sorry for the inconvenience, but that is the story.
If I can't connect to that database, the entire project that I'm working on is going to be fucked and I have an 11/21 deadline. I need to know two things, if any of you can discern from all of this:
1. Is it EVER going to be possible for me to connect to that database? Or should I just stop wasting my time and create another for my personal use?
2. If it is possible, can someone tell me how? :(
Thanks everyone.
Cross posted to PHP/MySQL communities.
Source: http://www.livejournal.com/community/php/363248.html
-
Microsoft patches may break Web sites
Date: 11/03/05
(Security) Keywords: security, web, microsoft
Web sites that use certain custom applications won't display as expected in Internet Explorer after installing two Microsoft security updates.
Source: http://news.zdnet.com/Microsoft+patches+may+break+Web+sites/2100-1009_22-5929689.html?part=rss&tag=feed&subj=zdnn
-
'Critical' Windows fix coming for PCs
Date: 11/04/05
(Security) Keywords: security, microsoft
A single security update for the operating system will come on Patch Tuesday, Microsoft says.
Source: http://news.zdnet.com/%27Critical%27+Windows+fix+coming+for+PCs/2100-1009_22-5931829.html?part=rss&tag=feed&subj=zdnn
-
Sony's antipiracy may end up on antivirus hit lists
Date: 11/04/05
(Security) Keywords: software, technology, security
Security software makers consider adding protection against the cloaking tool in Sony's anticopying technology.
Source: http://news.zdnet.com/Sony%27s+antipiracy+may+end+up+on+antivirus+hit+lists/2100-1009_22-5933428.html?part=rss&tag=feed&subj=zdnn
-
Apple sounds alarm over QuickTime flaws
Date: 11/04/05
(Security) Keywords: security
"Highly critical" bug in media player could open door for a denial-of-service attack, security company says.
Source: http://news.zdnet.com/Apple+sounds+alarm+over+QuickTime+flaws/2100-1009_22-5933117.html?part=rss&tag=feed&subj=zdnn
-
Mitnick: It's a new breed of hackers
Date: 11/04/05
(Security) Keywords: software, security
Q&A Reformed criminal takes the measure of today's hackers and the current state of software security.
Source: http://news.zdnet.com/Mitnick%3A+It%27s+a+new+breed+of+hackers/2100-1009_22-5932859.html?part=rss&tag=feed&subj=zdnn
-
SEC urges security in online trading
Date: 11/04/05
(Security) Keywords: security
Online stock traders have been targeted by fraudsters, prompting commission to issue security warnings.
Source: http://news.zdnet.com/SEC+urges+security+in+online+trading/2100-1009_22-5933574.html?part=rss&tag=feed&subj=zdnn
-
Pizza chain caught without fully baked security
Date: 11/08/05
(Security) Keywords: security, web
Papa John's has beefed up security for its Web-based e-mail system after learning that internal e-mail and customer data had been exposed.
Source: http://news.zdnet.com/Pizza+chain+caught+without+fully+baked+security/2100-1009_22-5938572.html?part=rss&tag=feed&subj=zdnn
-
Check Point to offer corporate anti-spyware
Date: 11/07/05
(Security) Keywords: software, security, spyware
Another security software company unveils anti-spyware applications for businesses.
Source: http://news.zdnet.com/Check+Point+to+offer+corporate+anti-spyware/2100-1009_22-5938064.html?part=rss&tag=feed&subj=zdnn
-
Another QuickTime flaw found
Date: 11/08/05
(Security) Keywords: security
Soon after a patch for four security flaws is issued, a new "critical" hole is found in Apple's popular media player.
Source: http://news.zdnet.com/Another+QuickTime+flaw+found/2100-1009_22-5940081.html?part=rss&tag=feed&subj=zdnn
-
Antivirus firms target Sony 'rootkit'
Date: 11/09/05
(Security) Keywords: software, security
Some security companies say Sony's copy-protection software is merely a pest; others say it is more onerous than that.
Source: http://news.zdnet.com/Antivirus+firms+target+Sony+%27rootkit%27/2100-1009_22-5942265.html?part=rss&tag=feed&subj=zdnn
-
Tsunami 'hacker' keeps security job
Date: 11/11/05
(Security) Keywords: security
Conviction under the U.K. Computer Misuse Act hasn't stopped Daniel Cuthbert from working for a tech security company.
Source: http://news.zdnet.com/2100-1009_22-5946271.html
-
SonyBMG DRM Customer Survival Kit
Date: 11/13/05
(Computer Geeks) Keywords: software, security, linux
If you have heard about SonyBMG's newest DRM technique, you will know that it opens you up to a lot of security problems. Here is how to get rid of the software that they install:
This is copied from: http://www.freedom-to-tinker.com/?p=924
This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about from this particular DRM system. The instructions here apply to Windows XP.
How to tell whether the rootkit is on your computer: On the Start menu, choose Run. In the box that pops up, type this command:
cmd /k sc query $sys$aries
and hit the Enter key. If the response includes “STATE: 4 RUNNING”, then your machine is infected with the rootkit. If the response includes “The specified service does not exist as an installed service”, then your machine is not infected with the rootkit.
How to disable the rootkit: On the Start menu, choose Run. In the box that pops up, type this command:
cmd /k sc delete $sys$aries
and hit the Enter key. Then reboot your system, and the rootkit will be permanently disabled.
Note that this does not remove or disable the main anti-copying technologies. It only turns off the rootkit functionality that hides files, programs, and directory entries. The main DRM software is still present.
Source: http://www.livejournal.com/community/computergeeks/815884.html
-
Microsoft will wipe Sony's 'rootkit'
Date: 11/13/05
(Security) Keywords: security
Update planned for security tools to detect and remove part of the copy protection tools installed on PCs when some music CDs are played.
Source: http://news.zdnet.com/2100-1009_22-5949041.html
-
ROI: Risk of incarceration?
Date: 11/14/05
(Security) Keywords: security
It's hard to prove monetary return of investments in security, but execs understand the risk of not complying with regulations.
Source: http://news.zdnet.com/2100-1009_22-5951358.html
-
Bots may get cloak of encryption
Date: 11/15/05
(Security) Keywords: security
To retain control over hijacked PCs, cybercriminals will add encryption capabilities to their bots, a security expert predicts.
Source: http://news.zdnet.com/2100-1009_22-5952102.html
-
VPN flaw threatens Internet traffic
Date: 11/15/05
(Security) Keywords: security
Problem in key Internet security protocol used by Cisco, Juniper and other companies could shut down devices or slow movement of data.
Source: http://news.zdnet.com/2100-1009_22-5951916.html
-
No end seen to patching race
Date: 11/15/05
(Security) Keywords: security
System administrators are dealing with security vulnerabilities more quickly, but attacks are also appearing sooner.
Source: http://news.zdnet.com/2100-1009_22-5953293.html