Infosecurity.US

Oracle Corporation (NasdaqGS: ORCL) has announced (just before the weekend) availability of three important updates to the database  and business software giant’s Enterprise Linux distribution (specifically packages address issues with rsh, httpd and samba).  Oracle Enterprise Linux is a variant of RED HAT, INC.’s (NYSE: RHT)  Red Hat Enterprise Linux open source based operating system. Additional information, inclusive of the release notes and requisite linkage appears, after the jump. Read More »

Microsoft Corporation (NasdaqGS: MSFT) has released its ubiquitous Advance Notification for the software giant’s typical monthly Patch Tuesday operating system and application security patchfest . Slated for 2009/07/14 TUE, the announcement, as in the past, has a wide ranging affect on a variety of Microsoft, as well as third party products. Affected software includes versions of Microsoft Windows, Publisher, ISA and other products. Included in planned patch activity is mitigation for at least three highly critical vulnerabilities, of which, two are under reportedly heavy, active attack (IE and DirectShow) More information related to the announcement appears after the jump.

Read More »

In an outstanding thought piece, Gadi Evron, via the HackedOff blog at DarkReading explains, quite eloquently, why the currently reported North Korean attributed DDoS scanrios are NOT cyberwarfare. Except, of course,  in the minds of certain media types… A short snippet, including linkage, appears after the jump.

Read More »

The great Masked Password Debate is apparently raging on… Bruce Schneier, the highly respected Chief Security Technology Officer of BT Counterpane Security (his blog is always a MustRead) has clarified his statements regarding the utilization of the masked password/shoulder surfing debacle. More information via El Reg, appears after the jump.

From The Register: “Schneier says he was ‘probably wrong’ on masked passwords“

Security expert Bruce Schneier has said that he probably made a mistake when he backed a usability expert’s plea to website operators to stop masking passwords as users type because it does not improve security and makes sites harder to use.

Usability guru Jakob Nielsen said last month that sites should show most passwords in clear text as users type them. Nielsen is the web’s most famous usability expert. OUT-LAW put his observations to Schneier, a widely-respected expert on IT security. He backed Nielsen’s view.

• Stop Password Masking (Jakob Nielsen’s Alertbox) (useit.com)
• Password masking considered harmful? (nonnotablenatterings.blogspot.com)
• Should Passwords Be Masked in Online Forms? (blogstorm.co.uk)
• Nielsen Recommends Not Masking Passwords (it.slashdot.org)
• Stop masking passwords (kottke.org)
• Rediscovering Jakob Nielsen (37signals.com)
• How Safe Are Your Passwords? (littlegreenfootballs.com)

News, overnight, of Apple Inc.’s (NasdaqGS: AAPL) Safari update, now at 4.0.2. The update addresses MITRE CVE IDs: CVE-2009-1724 and CVE-ID: CVE-2009-1725 (both WebKit security issues). More information, direct from One Infinite Loop, appears after the jump. Read More »