Date: 06/29/06 (Security)    Keywords: browser, security

Browser's third beta release includes some feature changes in addition to fixes to reliability, compatibility and security.
Images: IE 7 features

Source: http://news.zdnet.com/2100-1009_22-6089370.html

Date: 06/29/06 (Java Web)    Keywords: security, web, microsoft

Fresh security problems found in Microsoft Internet Explorer that can allow attackers to take over a system or read private information from other Web sites. One of the bugs also affects Firefox. Proof-of-concept code was released demonstrating one of the bugs. A researcher on Full Disclosure mailing list warned of the two IE problems, the more [...]

Source: http://blog.taragana.com/index.php/archive/microsoft-internet-explorer-bug-allows-hackers-to-read-your-email-website-credentials-remote-code-execution/

Date: 06/29/06 (Security)    Keywords: security

Security experts warn of two flaws in IE, and in an unusual twist, one of them can be replicated in Firefox.

Source: http://news.zdnet.com/2100-1009_22-6089817.html

Date: 07/03/06 (WebDesign)    Keywords: php, mysql, software, database, sql, security

Ok im trying to instal XMB forum software onto a server.
I created the database etc etc config and everything seemed to be going ok
and then, when its finially installing I keep getting this error

Checking PHP version.......................................................OK
Checking Directory Structure...............................................OK
Checking Required Files....................................................OK
Checking Database Files....................................................OK
Checking Database API......................................................OK
Checking Database Connection Security......................................OK
Checking Database Connection...............................................
Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /homepages/11/d161790790/htdocs/Forum/install/index.php on line 997
ERROR

Database Connection
XMB could not connect to the specified database. The database returned "error 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

I looked on the net and cant really make any sense of whats going on. Any ideas?
Im 2 steps away from chucking my pc out the window.

Source: http://community.livejournal.com/webdesign/1133538.html

Date: 07/06/06 (Security)    Keywords: browser, security

Each day this month, a prominent security expert will highlight a new vulnerability in a major browser. Happy surfing.

Source: http://news.zdnet.com/2100-1009_22-6090959.html

Date: 07/06/06 (Web Technology)    Keywords: security

The U.S. Senate mulls expanding how the IRS can use the Internet to contact American taxpayers. But privacy and security concerns linger.

Source: http://news.zdnet.com/2100-9588_22-6091008.html

Date: 07/06/06 (Security)    Keywords: security, microsoft

Microsoft plans to issue patches to deal with at least two high-risk flaws as part of its regular monthly security updates.

Source: http://news.zdnet.com/2100-1009_22-6091389.html

Date: 07/07/06 (Security)    Keywords: security

New flaw puts computers at risk of remote attack, according to a security group's advisory.

Source: http://news.zdnet.com/2100-1009_22-6091480.html

Date: 07/12/06 (PHP Community)    Keywords: security, apache

I just switched over to Dreamhost, only to discover that they've disabled allow_url_fopen in the name of security. While I appreciate the effort, my last host apparently didn't care, and I rampantly abused includes. I still do it with my various Apache installs. Anyway, I've spent the last four hours de-including my site using the curl workaround available through the Wiki. I happened to enjoy my includes for debugging purposes, and adding four lines for each one was a bit burdensome (I enjoyed them that much).

My question for you all is, why bother disabling allow_url_fopen? I just don't understand what all the worry is about. Thanks!

Source: http://community.livejournal.com/php/469239.html

Date: 07/12/06 (Security)    Keywords: software, security

Partners who sell the software giant's security products can get a 20 percent cut of the license sales.

Source: http://news.zdnet.com/2100-1009_22-6093069.html

Date: 07/13/06 (Security)    Keywords: security

U.S. companies that farm out their IT security functions report a jump in the amount of such work sent overseas.

Source: http://news.zdnet.com/2100-1009_22-6094051.html

Date: 07/14/06 (PHP Development)    Keywords: php, security, web

I was wondering, just how many people write PHP to be console based "applications"? I find myself more and more using the language with the #!/usr/bin/php at the top to make it an executable script. I've found some great uses, one of my projects in fact is a SHOUTcast Automatic DJ system, customizable and modular of course, but it needs to be purely console based for the simple fact that the person I'm writing it for and myself want security and don't care about a web interface for this as it's unnessicary and very bloating. He'll want a web interface later, but I figure that can be done once I lay out the "application" in console, yanno? Back to what I was posting here about, I wanted to know how many people are using PHP in the command line environment as handwritten "app" to be able to do something or another. Curiosity gets the best of me, and if the response is high, I'll go ahead and post my library of functions i've found, written myself, compiled, and edited for CLE usage for everyone else to enjoy and use as well.

XPosted

Source: http://community.livejournal.com/php_dev/71287.html

Date: 07/14/06 (PHP Community)    Keywords: php, security, web

I was wondering, just how many people write PHP to be console based "applications"? I find myself more and more using the language with the #!/usr/bin/php at the top to make it an executable script. I've found some great uses, one of my projects in fact is a SHOUTcast Automatic DJ system, customizable and modular of course, but it needs to be purely console based for the simple fact that the person I'm writing it for and myself want security and don't care about a web interface for this as it's unnessicary and very bloating. He'll want a web interface later, but I figure that can be done once I lay out the "application" in console, yanno? Back to what I was posting here about, I wanted to know how many people are using PHP in the command line environment as handwritten "app" to be able to do something or another. Curiosity gets the best of me, and if the response is high, I'll go ahead and post my library of functions i've found, written myself, compiled, and edited for CLE usage for everyone else to enjoy and use as well.

XPosted

Source: http://community.livejournal.com/php/469887.html

Date: 07/14/06 (Security)    Keywords: technology, security

It'll take more than installing technology to cure security gaps at U.S. government agencies, experts say.

Source: http://news.zdnet.com/2100-1009_22-6094415.html

Date: 07/14/06 (Security)    Keywords: software, technology, security

Serious hole found, and fixed, in popular technology used to manage McAfee's security software.

Source: http://news.zdnet.com/2100-1009_22-6094471.html

Date: 07/17/06 (Java Web)    Keywords: security, virus

Today’s bot / malware writers are leveraging open source tools and development models to improve their bots according to McAfee. Unlike viruses of the past, bots tend to be written by a group of authors, who often collaborate by using the same tools and techniques as open source developers, said Dave Marcus, security research and communications [...]

Source: http://blog.taragana.com/index.php/archive/bots-malware-writers-leveraging-open-source-tools-model/

Date: 07/17/06 (Java Web)    Keywords: security, virus

Scientists of the Indian Council of Agricultural Research (ICAR) have succeeded in developing an indigenous vaccine against bird flu (H5N1 virus). This feat has been achieved by scientists working at the Bhopal-based High Security Animal Disease Laboratory (HSADL) in a record time of four months under a Rs 8-crore project. ICAR Director-General Mangala Rai described this as [...]

Source: http://blog.taragana.com/index.php/archive/indian-scientists-develops-bird-flu-vaccine/

Date: 07/17/06 (Security)    Keywords: security

AOL Total Care marks one of company's first steps into the security space, outside of its subscriber tools.

Source: http://news.zdnet.com/2100-1009_22-6094932.html

Date: 07/17/06 (Web Development)    Keywords: html, security

I posted not too long ago asking for recomendations for wysiwyg form editors. I.e. i want my users to be able to use a wysiwyg editor when using my site. I got a lot of great recommendations, but now I have another question. How do you handled security with these and prevent things like xss since these editors typically send html text. I know that parsing html is one option, but it is not simple. If your curious about the difficulties in "cleaning" up html then read this: http://namb.la/popular/tech.html

What would be ideal is a wysiwyg editor that doesn't pass pure html but something like bbcode or markdown. Anyone have any recommendations?

Source: http://community.livejournal.com/webdev/335363.html

Date: 07/19/06 (Web Technology)    Keywords: security

AIM Pro, to be released Wednesday, features security and online meeting functions aimed at corporate users.

Source: http://news.zdnet.com/2100-9588_22-6095523.html