DESCRIPTION: rPath has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Posted by Raven on Monday, March 08, 2010 @ 19:14:35 EST
Critical Security Release Announcement From PHPBB Group
From the PHPBB Group:
We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7. Unfortunately, the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.
We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:
- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user - or one of the groups they are a member of - has forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected
The fix for the issue is a single line change inside of feed.php, line 525 has changed from:
Posted by Raven on Saturday, March 06, 2010 @ 00:51:16 EST
Moving on – the future of phpBB development
Read the full article from the PHPBB Blog at http://blog.phpbb.com/2010/02/18/moving-on-the-future-of-phpbb-development/
Over the last few weeks we have made a few important decisions, that we believe can positively impact phpBB development. These include changes to development infrastructure as well as our development model. I will briefly outline these changes here, more details will be posted on the blog or as an announcement soon.
Posted by Raven on Saturday, March 06, 2010 @ 00:42:24 EST
Microsoft open-sources clever U-Prove identity framework
nb1 writes "U-Prove, a powerful framework that couples strong privacy with high security for online authentication, has been released as an open source preview by Microsoft. Unfortunately, even open source is unlikely to ensure widespread adoption of this clever—and highly desirable—technology
Posted by Raven on Thursday, March 04, 2010 @ 00:31:15 EST
Microsoft's *Operation b49* chokes Waledac botnet
Microsoft’s Digital Crimes Unit has effectively shut down the Waledac botnet, cutting off cybercriminal access to hundreds of thousands of infected Windows computers around the world.
In partnership with security vendors and law enforcement officials, Microsoft implemented “Operation b49” and moved to the federal courts to get a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot.
According to Microsoft associate general counsel Tim Cranton, the action quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world.
Waledac is one of the 10 largest botnets in the US and is responsible for distributing billions of spam messages around the world. According to Microsoft, the botnet is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day.
Posted by Raven on Tuesday, March 02, 2010 @ 01:30:26 EST
What enterprise still uses IE 6? Try Intel
Internet Explorer 6 is a relic, but corporations continue to cling to it. At this point, IE 6 in the enterprise is common, but it’s nonetheless surprising when Intel—Microsoft’s long-time partner—is still using the ancient browser.
In a blog post walking through its implementation of Windows 7, Intel talked a lot about the “heavy lifting” involved with moving from XP to Windows 7.
Turns out the browser is part of the heavy lifting.
DESCRIPTION: Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow execution of arbitrary code.
Posted by Raven on Wednesday, February 24, 2010 @ 22:35:15 EST
Chatroulette offers random webcam titillation
I know this isn't the usual content for this site but I found it, well, interesting. Would this be classified as a "social" site? Feel free to discuss it in the forums if interested.
On Chatroulette, a new and controversial Web site, every click lands you in a face-to-face video conversation with a random stranger.
The setup is simple: Activate your webcam and click "play." Then, as people from all over the world pop up one at a time in a box on your screen, you decide whether or not to chat with them. If you don't like the looks of things, click "next" and the site shuffles you to someone new.
The people you meet could be friendly. During a recent CNN test of the site, a man from France popped up on the screen wearing a jester's hat and telling jokes in French. Two men dressed as skeletons were having a dance party to techno music and flashing lights. A slouched-over man in Tunisia said he was tired because he'd been on the site for four hours.
Posted by Raven on Tuesday, February 23, 2010 @ 07:36:19 EST
Bloom Box Black SEO
Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that search terms related to Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks.
Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings.
At the moment, according to the VirusTotal report, only 10% of antivirus products are detecting the threat.
Websense® Messaging and Websense Web Security customers are protected against this attack.
Posted by Raven on Monday, February 22, 2010 @ 21:18:45 EST
Expose: Why we don't trust Devil Mountain Software (and neither should you)
From InfoWorld Editor in Chief Eric Knorr:
"On Friday, Feb. 19, we discovered that one of our contributors, Randall C. Kennedy, had been misrepresenting himself to other media organizations as Craig Barth, CTO of Devil Mountain Software (aka exo.performance.network), in interviews for a number of stories regarding Windows and other Microsoft software topics. Devil Mountain Software is a business Kennedy established that specializes in the analysis of Windows performance data. There is no Craig Barth, and Kennedy has stated that this fabrication was a misguided effort to separate himself (or more accurately, his InfoWorld blogger persona) from his Devil Mountain Software business.
Integrity and honesty are core to InfoWorld’s mission of service to IT professionals, and we view Kennedy’s actions as a serious breach of trust. As a result, he will no longer be a contributor to InfoWorld, and we have removed his blog from this site.
Over the past 10 years, Kennedy has contributed valuable information on Windows performance and other technical issues to InfoWorld and its readers — insight and analysis we still believe to be accurate and reliable. Based on our discovery, however, we cannot continue our relationship with Kennedy. Questions about this matter may be directed to Kennedy at rck@xpnet.com. We apologize to our readers."