Date: 12/15/06 (Security)    Keywords: security, virus, antivirus

"Big Yellow" hits systems running Symantec's corporate antivirus tools, warns eEye Digital Security. Symantec says attacks are limited.

Source: http://news.zdnet.com/2100-1009_22-6144282.html

Date: 12/16/06 (Computer Help)    Keywords: security, web, yahoo

At first I thought it was just LJ, now I have no idea what the problem is, and it's driving me freaking crazy! I don't think I've ever been so freaking frustrated in my entire LIFE.

The first day that I got a livejournal, I changed my viewing options to dystopia, I had the website remember my password. I went to get onto livejournal today, and my password is no longer saved. I went to log in, and clicked "remember me" but it will NOT log me in if the box is checked. If I type in a random username to bring me to the other login screen, it tells me my password security secure, and I want standard. But when I click standard it doesn't remember it. I log in, ask it to remember me, do whatever, I have to go into the management, change my viewing options to what I want them to be, I'm done, I close the window. I come back, and I have to do the same thing OVER, and OVER and OVER again. It won't even remember my VIEWING OPTIONS, for God's sake! I just went to check my Yahoo! mail, and is what it looks like. WHAT IS THE ISSUE? HOW CAN I FIX THIS? I am going completely bonkers, and I'm on the verge of punching a hole in my wall. Obviously my temper isn't the greatest, but this is the most irritating thing EVER.

Thanks for any help.

Source: http://community.livejournal.com/computer_help/724604.html

Date: 12/17/06 (HTML Help)    Keywords: html, asp, security

I found some LiveJournal layouts that I adore...the only problem is that I like certain aspects of each of those layouts.

• I like the layout of this one


• The background of this one


• And, just to make things more complicated, I wanted to fit this banner in somewhere
  

overridehelp

• Can these layouts even be combined?


• If so...




• How can I make the tabs fit below the banner?


• How can I move the default icon to be in line with the sidebar?


• How can I move the sidebar?


• How can I center the entries and the sidebar?

Date: 12/20/06 (Open Source)    Keywords: security

The popularity of Firefox may best be reflected in the fact that security patches have already been released. The version being offered right now, in fact, is Version 2.0.0.1.

Source: http://feeds.feedburner.com/~r/zdnet/open-source/~3/64272687/

Date: 12/20/06 (PHP Community)    Keywords: mysql, database, sql, security

As part of a development project, I'm currently developing a site which will require user login to access most of the actual site content. However, I want to ensure that I set this up with the most common security holes taken into account.

The user data is stored in a MySQL database, with the username stored in cleartext and the password field contains the md5 hash of the actual password concatenated with a 10 character random salt string (which is stored in the database as cleartext).

Login form data is passed via POST. Any data that is taken from or generated from the user will be passed through a sanitization function to prevent SQL injection attacks.

To track the user's state, I am looking into using session variables. My current problem is how to determine if the user has been authenticated properly, ideally without having to make a database call on every single page where this needs to be verified.

Does anyone have any suggestions as to some ways to authenticate the contents of a session to prevent man-in-the-middle/replay attacks? The obvious way would be to store the session ID in the database and check it every time, but that adds a lot of overhead.

Also, if anyone can spot any glaring security issues that I've missed in the descriptions above, I'd really like to hear about it. I want to do this right the first time.

Source: http://community.livejournal.com/php/523861.html

Date: 12/21/06 (Security)    Keywords: software, security

Interfaces are meant to help security software makers create products that work with kernel protection features in Windows Vista.

Source: http://news.zdnet.com/2100-1009_22-6145285.html

Date: 12/22/06 (Security)    Keywords: security

A now-defunct Transportation Security Agency project to create dossiers on American air travelers misled the public about privacy, report says.

Source: http://news.zdnet.com/2100-1009_22-6145796.html

Date: 12/29/06 (Security)    Keywords: security, spam

Security experts warn of a Trojan horse disguised as celebratory e-mail that could turn a PC into a spamming zombie.

Source: http://news.zdnet.com/2100-1009_22-6146321.html

Date: 12/30/06 (Javascript Community)    Keywords: css, html, java, security, spam

I have an old site thats getting spammed so I created this faux graphic security script
First: create several of those graphics with numbers+letter strings (this example uses 5)
This script hides the form (with CSS) until the correct value entered
if anything, it will slow them down and should block some bots.
Sorry the formatting is all jacked up - its a montage of old script an new :)

");
document.write("");
document.write("");
document.write("");
document.write("

HTML AND CSS

Source: http://community.livejournal.com/javascript/122818.html

Date: 01/02/07 (Security)    Keywords: software, security

Publication of yet-to-be-patched vulnerability in QuickTime kicks off month in which security researchers plan to publish an Apple software bug each day.

Source: http://news.zdnet.com/2100-1009_22-6146615.html

Date: 01/02/07 (Security)    Keywords: security, spam, google

Security hole that affected several Google services exposed the address books of Gmail users, a potential treasure trove for spammers.

Source: http://news.zdnet.com/2100-1009_22-6146669.html

Date: 01/04/07 (Security)    Keywords: security, virus, spam

Cisco will purchase IronPort, a leader in tech that scans e-mail for spam and viruses, to bolster its security profile.

Source: http://news.zdnet.com/2100-1009_22-6147065.html

Date: 01/04/07 (Security)    Keywords: software, security

Software giant plans on Tuesday to release eight security bulletins with fixes for an unspecified number of security holes.

Source: http://news.zdnet.com/2100-1009_22-6147276.html

Date: 01/05/07 (Security)    Keywords: security

Now plans to release four security bulletins with fixes for its products, instead of the eight that it had announced.

Source: http://news.zdnet.com/2100-1009_22-6147705.html

Date: 01/08/07 (WebDesign)    Keywords: php, asp, security, web

Hey folks, I originally poster here concerning a Faculty/Staff site where I would have multiple pages and such.

Well, after speaking with our IT guy, (it's a bass ackwards process by the way, I'm the webmaster, but I have to give the IT guy all my files so he can upload them.) he says that we have no SSI/A available due to... more or less 'analness.' The school I work for is more than paranoid about net security and etc etc etc. So, that rules out PHP/ASP/anything really because they simply refuse to support it. So any suggestions from this point?

To reiterate:
About 70ish faculty and staff pages, each member having his own page. The design and layout remain the same except for an image and copy.

Thanks all.

Source: http://community.livejournal.com/webdesign/1205987.html

Date: 01/09/07 (Java Web)    Keywords: database, java, security

Security vendor Imperva has identified an access-control vulnerability in DWR, Java Open Source AJAX development framework (stable release 1.1.3 and 2.0), which it says an attacker can use to compromise a DWR based application which may in turn enable him to say break into back-end databases or servers or launch a denial-of-service-attack. On a positive note [...]

Source: http://blog.taragana.com/index.php/archive/analysis-security-vulnerability-discovered-in-dwr-open-source-java-ajax-development-framework/

Date: 01/11/07 (Java Web)    Keywords: php, sql, security

While WordPress 2.0.6 is still hot a serious security defect (SQL injection attack) was found and fixed in WordPress 2.0.7, which is currently available as RC1 (release candidate 1). The key defects fixed are: Security defect Worked around a PHP bug for PHP 4.x less than 4.4.3 and PHP 5.x less than 5.1.4 with register_globals ON [...]

Source: http://blog.taragana.com/index.php/archive/critical-wordpress-security-defect-found-and-fixed-in-207/

Date: 01/11/07 (Security)    Keywords: security, microsoft

Following Microsoft's lead, Oracle has started tipping customers off in advance of upcoming security patches.

Source: http://news.zdnet.com/2100-1009_22-6149632.html

Date: 01/11/07 (Security)    Keywords: security

Democrat Dianne Feinstein reintroduced measures regarding data security breaches, but some worry her bills make too many exceptions.

Source: http://news.zdnet.com/2100-1009_22-6149576.html

Date: 01/12/07 (Security)    Keywords: security

Passwords generated for one-time use are designed to increase security for PayPal and its account holders.

Source: http://news.zdnet.com/2100-1009_22-6149722.html