-
Peter Pietra's mission impossible
Date: 05/15/06
(Security) Keywords: security
Peter Pietra's job is to defend Homeland Security privacy policies--not a job for anyone with a thin skin.
Source: http://news.zdnet.com/2100-1009_22-6072288.html
-
Ten Commandments on Cyber Security
Date: 05/16/06
(Java Web) Keywords: software, security, virus, antivirus
Ten commandments for computer security:
Thy shall create strong passwords
Thy shall use good antivirus software
Windows users shall regularly update critical updates
Thy shall download online forms after verifying URL https:// or forms with lock icons
Thy shall use secure shell (ssh or sftp) for file transfers
Thy shall not open unnecessary emails
Thy shall regularly back up important files
Thy shall [...]
Source: http://blog.taragana.com/index.php/archive/ten-commandments-on-cyber-security/
-
Spammer Wins: Blue Security Shuts Down
Date: 05/17/06
(Java Web) Keywords: security, spam
Blue Security came up with an innovative solution to target spammers - by spamming them with opt-out requests. It worked surprisingly well and spammers were naturally not happy.
Unfortunately the company has decided to call it quits following the series of attacks it faced a couple weeks ago. A spammer figured out Blue Security’s “opt-out” list and [...]
Source: http://blog.taragana.com/index.php/archive/spammer-wins-blue-security-shuts-down/
-
Symantec, McAfee join effort to trap pirates on eBay
Date: 05/17/06
(Security) Keywords: software, security, virus, antivirus
Antivirus giants launch initiative with legal action against group selling illegal versions of their security software.
Source: http://news.zdnet.com/2100-1009_22-6073382.html
-
Telecoms deny illegally handing over call records
Date: 05/17/06
(Security) Keywords: security
Three biggest phone companies in U.S. say they never improperly provided call records to National Security Agency.
Source: http://news.zdnet.com/2100-1009_22-6073179.html
-
Defense agency to use Microsoft's Virtual Earth
Date: 05/19/06
(Web Technology) Keywords: security
The National Geospatial-Intelligence Agency will use the mapping tech for "humanitarian, peacekeeping and national security efforts."
Source: http://news.zdnet.com/2100-9588_22-6074076.html
-
Please help a computer illiterate person.....
Date: 05/22/06
(Computer Geeks) Keywords: software, security, virus, antivirus, web, microsoft
I have been having trouble with a few websites in Firefox lately. They don't look like they load fully. I tried loading them in IE and everything is perfect.
I ran spybot and found the following thing pop up:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword=0 Kind=Registry.
Is this a virus? Did something get changed and I didn't know it?
If there is anything you can tell me, I would greatly appreciate it.
Thanks.
Source: http://community.livejournal.com/computergeeks/925496.html
-
Veterans' data swiped in theft
Date: 05/23/06
(Security) Keywords: security
Personal information including Social Security numbers is taken during robbery of government employee's home.
Source: http://news.zdnet.com/2100-1009_22-6075212.html
-
anybody familiar with DesktopStandard PolicyMaker?
Date: 05/23/06
(IT Professionals) Keywords: software, asp, security
hello folks,
does anyone have any experience running this software?
http://www.desktopstandard.com/PolicyMakerApplicationSecurity.aspx
it basically allows applications to run with different privileges than the user that runs them (for
example, granting local administrative access for specific apps that require it). we're looking to be
able to remove our AutoCAD users from the local administrative groups of their workstations.
if you've got any experience with/comments on this tool or the publisher, i'd love to hear from you :)
Source: http://community.livejournal.com/itprofessionals/38515.html
-
Sorting by userID
Date: 05/25/06
(Asp Dot Net) Keywords: sql, security
I'm trying to sort by domain user id. I can pull the user id fine, but now I want to sort my SELECT by that name. How do I put the value of getUserIdentity into my SELECT statement?
Thanks
protected string getUserIdentity()
{
    return HttpContext.Current.User.Identity.Name.ToString().Replace("DOMAIN\\", "");
}

protected void Page_Load(Object sender, EventArgs e)
{
    username = getUserIdentity();
    SqlConnection myConnection = new SqlConnection("Data Source=CLIENTELE;Initial Catalog=forms;Integrated Security=True");
    SqlDataAdapter myCommand = new SqlDataAdapter("SELECT * FROM formTable WHERE userID = @username ORDER BY status DESC", myConnection);
    DataSet ds = new DataSet();
    myCommand.Fill(ds, "names");
    MyDataGrid.DataSource=ds.Tables["names"].DefaultView;
    MyDataGrid.DataBind();
}
Source: http://community.livejournal.com/aspdotnet/68149.html
-
The Blogger of DOOM!
Date: 05/25/06
(PHP Community) Keywords: html, database, sql, security
Currently I'm working on a small and simple blogger for someone. It doesn't have to be anything extraordinary or anything, however, of course, I want it to be as secure as possible within my means.
I've heard all of the horror stories of SQL injection and whatnot where users input bad things to make bad things happen and that there is a general rule about NEVER letting the user input directly into a database without cleaning it up.
Well... in this case, it isn't that simple.
I don't want to really limit what characters the user can enter in (except for html.. That I'm stripping out). But, I don't want to limit it to alpha-numerical characters. So, I thought of another way where the user has more freedom, but I'm hitting some walls with it... and perhaps some of you could let me know if you see any glaringly obvious problems.
I was thinking of having the user's input sent to a text file. A file, automatically named, maybe by timestamp or whatever, that contains the text the user has entered. Then, the DB would only contain the name of the file created, its ID number, and the user associated with it. Then, when viewing them, simply pull the name of the file from the DB, fopen and fread it and echo the results. I have the open and reading part working, however... I want to avoid people being able to go to that file directly (by some stroke of luck by guessing its name). So... my two concerns are:
1. Are there any obvious security issues by doing this with external files?
2. Is there any way I can prevent direct opening of these files?
Thank you in advance.
Source: http://community.livejournal.com/php/453279.html
-
Lax standards for Feds in data breach vote
Date: 05/26/06
(Security) Keywords: security
After Veterans Affairs leak, a congressional panel votes on data security bill. But it may let federal agencies off the hook.
Source: http://news.zdnet.com/2100-1009_22-6077199.html
-
Symantec Anti-Virus Software Exposes Computers to Hackers
Date: 05/29/06
(Java Web) Keywords: software, security, virus, antivirus
Symantec’s antivirus software, which protects some of the world’s largest corporations and US government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers from eEye Digital Security said.
Symantec is investigating the issue. The reported threat to computer users would be severe, [...]
Source: http://blog.taragana.com/index.php/archive/symantec-anti-virus-software-exposes-computers-to-hackers/
-
McAfee sends 'Falcon' after Symantec, Microsoft
Date: 05/30/06
(Security) Keywords: software, security, microsoft
Consumer security software due out this summer is pitted against Microsoft's OneCare and Symantec's upcoming 'Genesis.'
Source: http://news.zdnet.com/2100-1009_22-6078036.html
-
Symantec challenge to OneCare faces delay
Date: 05/31/06
(Security) Keywords: software, security
Symantec's next-generation security software, now officially named Norton 360, faces a possible delivery delay.
Source: http://news.zdnet.com/2100-1009_22-6078391.html
-
PHP vs ASP vs ???
Date: 05/31/06
(Web Development) Keywords: cms, php, mysql, database, asp, sql, security, web
Hi all, a quick question.
I use PHP mostly because it's the only web language I know well enough to do what I need to do on a daily basis, but my place of employment is considering redesigning the web site - and letting me have control over how it's developed and in what languages, etc. Is there any advantage of using ASP over PHP, or any other language over another? I integrate a lot with a database (MySQL) (calendars, event listings, internship databases, video archive, etc) and currently run on a Sun box, but I also need to integrate (in the future) with a SQL database on an IIS server, which required me to develop in ASP. I didn't know ASP so we had to contract it out, and I'd rather avoid doing that again in the future - unless there's an added security benefit to asp or something like that. Opinions anyone, on what language to use vs another, or any opinions on a sort of "dream set up" (including CMS - I've never used a third party so recommendations would be interesting) I might be able to go after?
Thanks everyone!
Source: http://community.livejournal.com/webdev/325474.html
-
WordPress 2.0.3 Released
Date: 06/01/06
(Java Web) Keywords: security
The new features / fixes are:
Small performance enhancements
Movable Type / Typepad importer fix
Enclosure (podcasting) fix
Bugtraq reported issue & backporting of security enhancements from 2.1 (nonces)
Misc. fixes etc....
List of files changed in WordPress 2.03 wrt. 2.02 for those planning on selective upgrade.
Source: http://blog.taragana.com/index.php/archive/wordpress-203-released-changed-files-from-202/
-
Loan company reports loss of data on 1.3 million
Date: 06/02/06
(Security) Keywords: security
Texas student-loan provider says IT contractor lost hardware containing customer names and Social Security numbers.
Source: http://news.zdnet.com/2100-1009_22-6079261.html
-
Creating random directories in VB.NET
Date: 06/02/06
(Asp Dot Net) Keywords: html, asp, security, web
Hi folks...long time reader, first time poster.
I have a piece of code that SHOULD be working. It is simple and straightforward, creating a directory.
The code:
Dim tmpfldr As String = secret.buildFLDR() ' Build a 10 character, semi random string for a DIR Name
'This is the URL that will be used to create the links
targetfullpath = "http://" & cfg.serverURL & "/" & cfg.RootDBFolder & "/" & tmpfldr
filesysfullpath = cfg.filesysFLDR & "\" & cfg.RootDBFolder & "\" & tmpfldr
Me.lblUploadStat.Text = Me.filesysfullpath
'filesysfullpath = "\" & tmpfldr
Dim tdir As DirectoryInfo
Dim usr As String = "Current executing thread is " + System.Security.Principal.WindowsIdentity.GetCurrent().Name
Try
    If Directory.Exists(filesysfullpath) = False Then
        ' Create the directory.
        Directory.CreateDirectory(filesysfullpath)
        ....
It gets to this line and throws an error:
System.IO.DirectoryNotFoundException: Could not find a part of the path "e:\".
   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.Directory.InternalCreateDirectory(String fullPath, String path)
   at System.IO.Directory.CreateDirectory(String path)
   at mjbears.drpbox.loadcfg() in C:\Documents and Settings\Jim\VSWebCache\sandbox.pixieproductions.com\default.aspx.vb:line 100
The "filesysfullpath" resolves out to "e:\web\public_html\username\sandbox\dropbox\BUILDFLDR" where BUILDFLDR is the random string. I have read/write privileges in "dropbox" folder, so I should be able to write/create a directory there.
Help! I've been hacking on this code for hours!
Peace,
Bear
Source: http://community.livejournal.com/aspdotnet/69908.html
-
Critical flaws squashed in Firefox update
Date: 06/02/06
(Security) Keywords: browser, security, web
Update to popular open-source Web browser addresses a dozen security vulnerabilities, five of which are deemed critical.
Source: http://news.zdnet.com/2100-1009_22-6079504.html