Date: 01/10/08 (Security)    Keywords: technology, security

Many organizations are starting to deploy certificates to secure critical pieces of business including e-mail, mobile access, and digital signaturs. The SaaS model is key factor for PKI comeback says ChosenSecurity's John Adams Commentary--Today, there is a wide range of technology, products and solutions for securing an enterpris'’s...

Source: http://news.zdnet.com/2424-9595_22-182915.html

Date: 01/10/08 (Data Management)    Keywords: software, database, security

Oracle said Thursday that its latest batch of patches will fix 27 security fixes "across hundreds of Oracle products," including eight for the company's database, seven for its e-business suite and six for its application server. In its advisory, Oracle outlines a laundry list of software affected....

Source: http://blogs.zdnet.com/security/?p=798

Date: 01/11/08 (Security)    Keywords: software, security

Eleven projects are certified as secure in government-backed initiative led by source code analysis specialist Coverity. Source code analysis expert Coverity has found and helped fix more than 7,500 security flaws in open-source software, and published a list of the 11 open-source projects working fastest to sort them...

Source: http://news.zdnet.com/2100-1009_22-6225700.html

Date: 01/12/08 (PHP Community)    Keywords: php, xml, security, web

I have a file /home/me/xml/email.xml that is created via PHP running from within stub-executable (/xml folder only permits "cgi" user to write to it).

Problem is that I normally use TCL to write XML files, but because of my need to use $_SESSION for security reasons, I am having to do the entire program in PHP.

/home/me/xml/email.xml is there when I do echo file_get_contents('/home/me/xml/email.xml'); however, I can't SEE the file no matter what tool I use.

Here is the code that creates the email.xml file:

	if (!function_exists('submit_email')) {
		function submit_email($sessionName = '') {
			global $userPath;

			if (is_file("$userPath/xml/email.xml")) $contents = file_get_contents("$userPath/xml/email.xml");
			if (!$contents) { /* NEW CONTENTS */
				// DON'T FORGET YOU CAN'T HAVE < OR > NEXT TO ? ANYWHERE IN PHP UNLESS IT'S A COMMAND BLOCK DELIMITER!
				$contents = '<' . '?xml version="1.0" encoding="utf-8"?' . '>';
			} else {
			 	// YOU WILL HAVE TO LOB OFF THE  CLOSING TAG ELSE YOU WILL HAVE MALFORMED XML
			 	$contents = preg_replace('/<\/emailalert>$/i', '', $contents);
			}
			$contents .= '';

			// RE-INSERT INTO email.xml
			$isSuccessful = true;
			//@unlink("$userPath/xml/email.xml"); // FOR SOME REASON IT DOES NOT CLEAR OUT CONTENT USING 'w' OPTION
			if (!file_put_contents("$userPath/xml/email.xml", $contents, 'w')) $isSuccessful = false;
			if ($isSuccessful) chown("$userPath/xml/email.xml", 'ppowell');
			if ($isSuccessful) $msg = exec("chown ppowell:users \"$userPath/xml/email.xml\"");
			if ($isSuccessful) chmod("$userPath/xml/email.xml", 700);
			if ($msg) print_r($msg);
			if ($isSuccessful && !is_file("$userPath/xml/email.xml")) $isSuccessful = false;

			// REMOVE SESSION (OPTIONAL) AND RETURN FALSE
			if (!$isSuccessful) {
			 if ($sessionName && isset($_SESSION[$sessionName])) unset($_SESSION[$sessionName]);
			 return false;
			}
		
			return true;
		}
	}

Source: http://community.livejournal.com/php/609267.html

Date: 01/13/08 (Web Technology)    Keywords: security, web

Hey, security breaches, incompetence and corruption. Sounds like government IT. The Post reports: A government Web site designed to help travelers remove their names from aviation watch lists was so riddled with security holes that hackers could easily have stolen personal information from scores of...

Source: http://government.zdnet.com/?p=3600

Date: 01/15/08 (Data Management)    Keywords: database, security

Oracle as expected released its quarterly batch of security fixes Tuesday. In a blog post, Oracle said: Oracle today released the January 2008 Critical Patch Update (CPUJan2008).В  This Critical Patch Update (CPU) addresses a total of 26 vulnerabilities affecting Oracle Database Server, Oracle Application Server, Oracle...

Source: http://blogs.zdnet.com/security/?p=813

Date: 01/16/08 (Security)    Keywords: security, virus, antivirus

In annual report on security flaws, vulnerability-testing company strongly criticizes CA's ARCserve Backup product, as well as Symantec Mail Security. Some CA products containing antivirus components have "inherent code problems," according to vulnerability-testing company Secunia, which published its annual report on security vulnerabilities on Monday. One CA...

Source: http://news.zdnet.com/2100-1009_22-6226441.html

Date: 01/17/08 (Security)    Keywords: security, microsoft

If you're like most folks you are taking your time installing Microsoft's latest round of security patches. However, you may want to get your rear end in gear. Specifically apply MS08-001, which was released on Jan. 8. That patch fixed a Transmission Control Protocol/Internet Protocol (TCP/IP) processing...

Source: http://blogs.zdnet.com/security/?p=817

Date: 01/17/08 (Security)    Keywords: security, yahoo

Yahoo is supporting OpenID 2.0 and could triple the number of accounts in the single sign-on framework. I posted the details on Between the Lines and Techmeme has more, but after some initial enthusiasm I started thinking out loud about security. Yahoo noted that...

Source: http://blogs.zdnet.com/security/?p=816

Date: 01/18/08 (Security)    Keywords: security

From Vinius, Lithuania, Internet security expert Miroslav LuДЌinskij blogs about what sounds like a security bug in a Skype partner feature related to the danger of executing "malicious script content" through the "mood feature" option available as part of a video selection option tied to that...

Source: http://blogs.zdnet.com/ip-telephony/?p=3075

Date: 01/18/08 (Security)    Keywords: html, security, web

Updated below: Aviv Raff, a security researcher, has found a flaw in Skype that could allow an attacker to control your PC. On his blog, Raff explains the following: Skype uses Internet Explorer web control within the application to render internal and external HTML pages. Examples...

Source: http://blogs.zdnet.com/security/?p=819

Date: 01/18/08 (Data Management)    Keywords: mysql, database, sql, postgresql, security, linux

In all the media excitement over the week's two database deals, Oracle buying BEA Systems and Sun buying mySQL there's a name we're forgetting. It's PostgreSQL. PostgreSQL keeps on keepin' on, getting bugs fixed, upgrading its security, and integrating those fixes with major Linux...

Source: http://blogs.zdnet.com/open-source/?p=1903

Date: 01/21/08 (Security)    Keywords: security

Cyber warfare isn't just concerned with military and intel computers. Hackers have also attacked foreign facilities of US power utilities, according to a CIA analyst. The Washington Post reports that Tom Donahue, the CIA's top cybersecurity analyst, told an audience of utility security pros: "We do not know who...

Source: http://government.zdnet.com/?p=3611

Date: 01/21/08 (Security)    Keywords: technology, security

I was actually in Ann Arbor last week when news broke that Arbor Networks had acquired Ellacoya a so called "deep packet inspection" technology vendor. I was perplexed. That's not security. First let me clear up some terminology. "Deep Packet Inspection" was...

Source: http://blogs.zdnet.com/threatchaos/?p=508

Date: 01/22/08 (Computer Geeks)    Keywords: security, linux, microsoft

I'm a Windows fanboy (and, for the record, I don't care about your opinion. If Apple had 90% of the market share, all you Apple fanboys would be Microsoft nerds. Don't give me that crap about usability and security. Same for Linux geeks). Microsoft has a reputable OS, and if it were really terrible, it would have kicked the bucket by now. There's a reason they have most of the market share.

But I'll admit, there are features on other OSs UI that I like and would like to have on Windows, but not losing any particular Windows quality. I mean, the interface for Windows has been more or less the same since Windows 95.

I'm particularly talking about Mac OS X's dock. Or, specifically, I like the idea. The dock is really a problem for me. I used a Mac a few times, and the dock just got in the way of the applications I was trying to run. Still, the idea of not having to go to the desktop when I want to open something is great. (Windows' quick launch really isn't that great.)

So, for the last hour or so, I spent my time designing a new UI for Windows.



This is just a simple blueprint of what I imagined, so I used the Windows Classic theme. For the tiny icons, I used the icons that appear in the left hand corner of the window. This would look best in a more modern theme, like Vista. I also imagine the icons being bigger to take up space, and getting smaller when more space is used. But, again this is just a blueprint.

So, what are we seeing here? Well, we obviously have the Windows menu, which will serve it's basic functions. Then we have the taskbar icons. They will service like the icons on the desktop: you double click them, they open. When an application is open, they are added to the box you see on the right, which is for programs that are opened. When you minimize an application, you can reopen it by clicking it's icon in that box.

So, with this, what about the desktop? You can add widgets to it, or add whatever kind of eye candy you desire.

Well, that's my blueprint. (And I emphasize "blueprint". Don't give me crap saying that "why are you choosing it to look like boring Windows 98?".)

Source: http://community.livejournal.com/computergeeks/1145127.html

Date: 01/22/08 (Security)    Keywords: security

Security agency breaks its normal silence, warning about successful attacks against critical national infrastructures outside the U.S. A cyberattack has caused a power blackout in multiple cities outside the United States, the CIA has warned. The SANS Institute, a computer-security training body, reported the CIA's disclosure...

Source: http://news.zdnet.com/2100-1009_22-6227090.html

Date: 01/22/08 (Security)    Keywords: software, security

Phone Scoop reported on the RIM announcement that BlackBerry owners will be receiving updates for their devices that adds enhanced functionality and security. These new software updates will be phased in over the first half of 2008 and if you buy a new device in mid to late 2008 it...

Source: http://blogs.zdnet.com/mobile-gadgeteer/?p=805

Date: 01/22/08 (Security)    Keywords: software, security

Fresh off a series of security problems with software included on HP laptops, the company is under the gun again, say security researchers. One common thread: HP vulnerabilities due to ActiveX issues. The latest HP vulnerability--discovered by security researcher Elazar Broad--involves the HP Virtual Rooms Install. Virtual...

Source: http://blogs.zdnet.com/security/?p=822

Date: 01/23/08 (Security)    Keywords: security

Mozilla's security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox--even fully patched versions. Snyder confirmed the issue in a blog post. The proof of concept vulnerability was highlighted by researcher Gerry Eisenhaur on Jan. 19. In a nutshell, Firefox leaks information...

Source: http://blogs.zdnet.com/security/?p=823

Date: 01/24/08 (Security)    Keywords: security

Security company says it has seen an attack using a cross-site scripting flaw in 2Wire DNS routers. Security company Symantec has warned of an attack involving the subversion of routers. The security company said this was the first time it had seen such an attack "in the...

Source: http://news.zdnet.com/2100-1009_22-6227502.html