Apple skewered over missing DNS patch Users in a BIND Apple has come under fire for failing to patch the critical Domain Name System (DNS) flaw which prompted a (rest of) industry wide response earlier this month.…

20 views read more 2008-07-29 09:27:29

Oracle warns over unpatched vuln Zero-day BEA WebLogic flaw gets up Oracle's bonnet Oracle has decided to break its quarterly update release cycle with plans to develop a patch against a zero-day exploit.…

20 views read more 2008-07-29 06:32:12

Oops - SF prosecutors put city passwords on public record Cunning plan San Francisco prosecutors have put the city's network at further risk by placing access passwords and usernames on the public record as part of their case against Terry Childs, the sysadm

16 views read more 2008-07-28 06:05:59

Security shocker: 75% of US Bank websites have flaws Insecure by design The vast majority of US bank websites jeopardize the security of their online customers by including design flaws that expose passwords and are susceptible to tampering by attackers

16 views read more 2008-07-25 18:13:53

High-priority patch fixes critical vulns in RealPlayer Available in Windows, Mac and Linux RealNetworks has issued an update that patches four security holes in its RealPlayer jukebox program, including a critical flaw that vulnerability tracker Secunia p

19 views read more 2008-07-25 17:30:11

World's biggest ISPs drag feet on critical DNS patch BT, AT&T among those putting subscribers at risk More than two weeks after security researchers warned of a critical defect in the net's address lookup system, some of the world's biggest internet

18 views read more 2008-07-24 19:24:24

Exploit code for Kaminsky DNS bug goes wild Still think threat is exaggerated? When Dan Kaminsky disclosed a critical flaw in the net's address lookup system earlier this month, he said it was crucial internet service providers and other organi

19 views read more 2008-07-24 13:10:02

Enough With Default Allow Revision 2 A revised version of the Enough With Default Allow in Web Applications! paper is now available for download. (My previous post on this topic is here.) The major changes in this version include: Decid

21 views read more 2008-07-24 09:11:00

Three ModSecurity Rule Language Annoyances There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from a wrong design decision (my own), with further two from constraints of working within the framework

27 views read more 2008-07-24 04:20:00

San Francisco sysadmin stays in jail for now Parts of city network still locked out The sysadmin accused of hijacking San Francisco's network may have surrendered the passwords needed to regain control of key parts of the system, but the move ha

18 views read more 2008-07-23 18:05:05