Security

Apple Clients Still Vulnerable After DNS Patch 94

Glenn Fleishman sends word that SANS Institute testing indicates that, even after installing Apple's latest patch for the DNS vulnerability, Leopard desktops (not servers) are still vulnerable — or at least perpetuate risky behavior that makes exploitation easier. This matters because "With servers rapidly being patched worldwide, it's likely that the low-hanging fruit disappears, and vectors [will be] designed to attack massive numbers of clients on ISP networks."
Security

Apple Patches Kaminsky DNS Vulnerability 89

Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.
Microsoft

Microsoft's Open Source Guru Faces Tough Fight 432

coondoggie writes "Microsoft's Sam Ramji is like a turkey knocking on Thanksgiving's door. Ramji has the unenviable task of stretching his neck out into the open source world as Microsoft's representative. On top of it, his employer has preheated the oven with years of hubris, sleights of hand and broken promises. Ramji's Sisyphean task was evident last week in Portland at the Open Source Conference (OSCon) and will likely be fuel for chatter at next week's LinuxWorld gathering in San Francisco."
Security

Emergency Workaround For Oracle 0-Day 152

Almost Live writes "Oracle has released an out-of-cycle alert to offer mitigation for a zero-day exploit that's been posted on the Internet. The emergency workaround addresses an unpatched remote buffer overflow that's remotely exploitable without the need for a username and password, and can result in compromising the confidentiality, integrity, and availability of the targeted system." Whoever published the vulnerability and matching exploit code did not contact Oracle first.
Operating Systems

VMware ESXi Available For Free Starting Today 241

Mierdaan writes "VMware's bare-metal hypervisor is available for free starting today. ESXi, which can either be installed or run from an embedded device available in certain servers, has a 32MB footprint and gives small businesses an easy way to get into the virtualization world, with easy upgrade paths to enterprise-level features such as (H)igh (A)vailability and (D)istributed (R)esource (S)cheduler. ESXi runs on most any hardware with a server-class disk controller, and previously retailed for $495. VMware is obviously shooting to prevent Microsoft's Hyper-V technology from gaining a foothold in the marketplace."
Security

Critical VMware Vulnerability, Exploit Released 104

BaCa writes "Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software. It involves directory traversal using VMware's shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability."
The Courts

Microsoft Internal Emails Show Dismay With Vista 662

bfwebster writes "Microsoft is currently facing a class-action suit over its designation of allegedly under-powered hardware as being 'Vista Capable.' The discovery process of that lawsuit has now compelled Microsoft to produce some internal emails discussing those issues. The Seattle Post-Intelligencer has published extracts of some of those emails, along with a link to a PDF file containing a more extensive email exchange. The emails reflect a lot of frustration among senior Microsoft personnel about Vista's performance problems and hardware incompatibilities. They also appear to indicate that Microsoft lowered the hardware requirements for 'Vista Capable' in order to include certain lower-end Intel chipsets, apparently as a favor to Intel: 'In the end, we lowered the requirement to help Intel make their quarterly earnings so they could continue to sell motherboards with 915 graphics embedded.' Read the whole PDF; it is informative, interesting, and at times (unintentionally) funny."
Programming

Submission + - Don't overlook command line processing

An anonymous reader writes: Command-line processing is historically one of the most ignored areas in software development. Just about any relatively complicated software has dozens of available command-line options. The GNU tool gperf is a "perfect" hash function that, for a given set of user-provided strings, generates C/C++ code for a hash table, a hash function, and a lookup function. This article provides a reference for a good discussion on how to use gperf for effective command-line processing, and on command-line processing techniques in general.
PHP

PHP 4 End of Life Announcement 125

perbert writes "The PHP development team has announced that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. Critical security fixes will be made available on a case-by-case basis until 2008-08-08. For documentation on migration for PHP 4 to PHP 5, there is a migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well."
Programming

Submission + - Why software updates don't work (spikesource.com)

An anonymous reader writes: Every developer at some point needs to work out how to apply updates to their program. The larger the user base, the greater potential for failure. But why do software updates fail? Why are there IT standards for managing the risk of change but no standards for change itself? This new white paper Intelligent updates to configuration files analyses the existing technology such as MSI and RPM and why they let developers down and proposes a new approach.
