News, via Wired’s ThreatLevel blogger Kim Zetter, of a Freedom of Information Act request by EPIC [Electronic Privacy Information Center] pursuing information regarding the apparent assistance being rendered by the United States National Security Agency to Google Inc. (NasdaqGS: GOOG). Contrary to many pundits’ viewpoints, we applaud Google’s efforts to work with the NSA in [...]
Final Apache HTTP Server 1.3 Series Release
The Apache Foundation, authors of the most popular web server product in existence – Apache HTTP Server – has released the final code update to the OpenSource groups highly respected web daemon. More information, with links, appears after the page break.
NSA To Aid Google In Chinese State Sponsored Intrusion Investigation
News, via Wired’s ThreatLevel blogger Kim Zetter, of a Freedom of Information Act request by EPIC [Electronic Privacy Information Center] pursuing information regarding the apparent assistance being rendered by the United States National Security Agency to Google Inc. (NasdaqGS: GOOG). Contrary to many pundits’ viewpoints, we applaud Google’s efforts to work with the NSA in an effort to protect the company’s and our information infrastructure. Specifically in response to the alleged Chinese state-sponsored cyberterrorism activities targeting the search giants internal networks (and in fact, hundreds of other businesses, agencies and institutions have also, suffered intrusions from Chinese based IP addresses] . More information, inclusive of linkage, appears after the jump.
Oracle Patches Critical WebLogic Flaw
Oracle Corporation (NasdaqGS: ORCL) has released a critical security update for the Redwood Shores, CA database giant’s web application product WebLogic. Detailed after the jump, the vulnerabilities addressed pertain to MITRE NVD CVE-2010-0073, and the Oracle Weblogic Server release from version 7 to 11gR1. Specifics of the exploitable flaw are enumerated as a vulnerability in the Node Manager component of Oracle WebLogic Server.
USB Electronic Key Impressioner – Open Sesame
Reported by Gizmodo, and released by the manufacturer - Alternative Products Solutions – the ultimate key impressioner has arrived, courtesy of tech. Utilizing scanning and database/search technologies, this system can provide the user with a key code (utilized by locksmiths to generate a perfect, factory-match hardware key in literally seconds). More information, direct from the maufacturers’ site appears after the page break.
Firefox Malware Extensions Discovered
Yikes… More reports of Mozilla Firefox problematic extensions are circulating via the interwebs. This time, malware laden browser extensions monikered Sothink Web Video Downloader and Master Filer have been discovered to contain Trojans targeting Microsoft Corporation’s [NasdaqGS: MSFT] Windows users. Apparently, the trojaned extensions do not suffer indignities upon MAC OS X, Linux, BSD or Unix users. Methinks a wake-up call for significantly increased and stringent extension checks at Mozilla, focusing on anti-malware code is in the offing… A short snippet of the original post, including links appears after the jump.
- Lisa Benson: Jobs
- Final Apache HTTP Server 1.3 Series Release
- Sherffius: The Moon
- NSA To Aid Google In Chinese State Sponsored Intrusion Investigation
- Oracle Patches Critical WebLogic Flaw
- Lisa Benson: Beanstalk
- USB Electronic Key Impressioner – Open Sesame
- Sherffius: Bacterial-Laden
- Firefox Malware Extensions Discovered
- Holbert: Trillion Dollar Stuck Pedal
- Thanksgiving 2009
- XKCD: Can’t Sleep
- MustRead: Oracle PL/SQL Anti-Injection Whitepaper
- Anti-Malware Report: First Quarter ‘09 Incidents Rise Over 10%
- President Abraham Lincoln
- Kapersky Malaysian Site Hacked – Turk Cracker Counts Coup
- Amazon EC2 Windows Beta Appears Over European Skies…
- IRS – Read The Logs
- The Story of Master Splyntr
- Team Cymru Security Data Visualization
Cryptography
- Microscope-wielding boffins crack cordless phone crypto 2010/02/08
- Making packet processing more efficient with network-optimized multicore designs: Part 2 2010/02/08
- New Attack on Threefish 2010/02/07
- So I deleted it without reading it. 2010/02/06
- Kaspersky: Google hack takes spotlight from Russia 2010/02/05
- IP Cores, Inc. Announces an Update of its Elliptic Curve Crypto Accelerator 2010/02/05
- SMIC, SSHIC deliver smart card IC using 0.162 m EEPROM 2010/02/04
- Revere Security Appoints Co-Inventor of Public-Key Cryptography... 2010/02/03
- Data defenders: Researchers try to ward off increasingly sophisticated cyber attacks 2010/02/02
- IP Cores Selects Phoenix Technologies for Israel 2010/02/02
Security Bloggers Network
- My Blackhat DC Paper, Slides, and Video are available 2010/02/08 IBM Internet Security Systems Frequency X Blog
- Is Your BlackBerry Spying On You? 2010/02/08 spinman
- The 800-lb Dragon’s APTitude 2010/02/08 Bill Wildprett
- Wrapping insecure web apps with Apache 2010/02/08 Asmodian X
- Oracle Patches Critical WebLogic Flaw 2010/02/08 Marc Handelman
- Lisa Benson: Beanstalk 2010/02/08 Marc Handelman
- Week 5 in Review 2010/02/08 glenn
- Google Street View Car Gets GPSed by F.A.T. Pranksters 2010/02/08 Devin McDonald
SANS ISC
- Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html, (Tue, Feb 9th) 2010/02/09
- When is a 0day not a 0day? Samba symlink bad default config, (Tue, Feb 9th) 2010/02/09
- When is a 0day not a 0day? Fake OpenSSh exploit, again. , (Mon, Feb 8th) 2010/02/08
- Mandiant Mtrends Report, (Sun, Feb 7th) 2010/02/07
- LANDesk Management Gateway Vulnerability, (Sat, Feb 6th) 2010/02/06
- tweaked ISC layout. Please submit screen shot and browser details if things don't look right., (Sat, Feb 6th) 2010/02/06
- Oracle WebLogic Server Security Alert, (Sat, Feb 6th) 2010/02/06
- New version of Andreas Schuster's Evtx Parser released http://computer.forensikblog.de/en/2010/02/evtx_parser_1_0_2.html, (Sat, Feb 6th) 2010/02/06
- Memory Analysis - time to move beyond XP, (Fri, Feb 5th) 2010/02/06
Oracle
- Oracle to Acquire AmberPoint 2010/02/09
- Bookmarkable page with parameters 2010/02/09
- 32-bit to 64-bit database migration tips: OLAP upgrade 2010/02/08
- ADF Coding Ninja 2010/02/08
- Case Study: Swedish Rail Operator SJ Increases Revenue and Customer Satisfaction Using CRM 2010/02/08
- Random Things: Volume #13 2010/02/08
- v-Commerce? 2010/02/08
MySQL
- A deep look at MySQL 5.5 partitioning enhancements 2009/12/24
- Sun "Tech Days" Conference World Tour Kicks Off in Brazil 2009/12/07
- Tino Rachui: Using MySQL Cluster in Sun's Virtual Desktop Infrastructure 2009/11/10
- MySQL Database Analytics with InfiniDB from Calpont – Part 2 2009/10/28
- MySQL Database Analytics with InfiniDB from Calpont – Part 1 2009/10/27
- What's New in the MySQL Enterprise Fall 2009 Release? - Interview with Mark Matthews and Andy Bang 2009/09/08
- Introducing the MySQL Librarian 2009/07/14
Linux
- Oracle Drops Sun's Commitment To Accessibility - Slashdot 2010/02/09
- LinuxCon Puts Out Call for Papers Ahead of Summer Event - OStatic (blog) 2010/02/09
- How To Reverse Engineer A Motherboard BIOS - Benchmark Reviews 2010/02/09
- Oracle Patches Dangerous WebLogic Server Flaw - eWeek 2010/02/09
- Unix ENGINEER - TRADING - SYDNEY CBD! - Australian Techworld 2010/02/09
MAC OSX
- Anti-DRM Protest Against The iPad Grows 2010/02/08 Eli Milchman
- Amazon to Hike Ebook Pricing as iPad Ships 2010/02/08 Ed Sutherland
- Daily Deals: iPhone Acces. Bundle, External Superdrive, App Store Freebies 2010/02/08 Ed Sutherland
- Mock Up Your iPad Ideas With IA’s Omnigraffle Template 2010/02/08 Giles Turnbull
- The inevitable DIY iPad papercraft mockup 2010/02/08 John Brownlee
- Apple to app devs: don’t use Core Location “primarily” for advertising 2010/02/08 John Brownlee
- Report: Carriers to Subsidized iPads for 2-Year 3G Contracts 2010/02/08 Ed Sutherland
Microsoft
- February 2010 Bulletin Release Advance Notification 2010/02/04 MSRCTEAM
- Security Advisory 980088 Released 2010/02/03 MSRCTEAM
- January 2010 Out-of-Band Security Bulletin Webcast 2010/01/22 MSRCTEAM
- Bulletin MS10-002 Released 2010/01/21 MSRCTEAM
- Security Advisory 979682 Released 2010/01/21 MSRCTEAM
- Advance Notification for Out-of-Band Bulletin Release 2010/01/20 MSRCTEAM
- Security Advisory 979352 – Going out of Band 2010/01/19 MSRCTEAM
Network
- Europe lagging behind on fibre broadband adoption 2010/02/08
- LG NAS N4B1 review 2010/02/08
- VoIP patent under review by Patent Office 2010/02/08
- YouTube now supports IPv6 2010/02/08
- Where do web giants stand on IPv6? 2010/02/05
- Intel details vPro for Core i5, i7 processors 2010/02/05
- Microsoft IE still popular, researcher says 2010/02/05
The Infosecurity.US Blog is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Creative Commons Attribution-Share Alike 3.0 U.S. License ©2010 Infosecurity.US
