Google

Google Gives Away Web App Security Tool 30

CWmike writes "Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss."
Security

Gaping Holes In Fully Patched IE7, Firefox 2 303

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

Best OSS Systems Mgmt App You Never Heard Of 109

FLOSSisnot4Teeth writes "You probably are familiar with Nagios and Webmin as two of the most widely deployed open source systems management applications. However, this month's SourceForge.net Project of the Month is probably a newcomer to open source systems and network administrators. Zenoss Core is a systems monitoring platform, released under GPL and over the last year it's become one of the most popular SF.net projects. Unlike most of these new "commercially backed" open source projects, Zenoss Core is the only version, their corporate sponsor doesn't offer a "pro version". Also their developers have been committing code back to other projects like RRDTool and Twisted. I have been playing around with Zenoss for about six months and have been totally impressed. Would be curious to see what other Slashdot readers think." SourceForge.net and Slashdot are both owned by OSTG.
Programming

2007 ACM Contest Winners Announced 110

prostoalex writes "2007 ACM International Collegiate Programming Contest is over with Warsaw University (Poland) winning it this year and solving all of the problems. The runner-up, Tsinghua University (China), finished with 7 problems solved, while St. Petersburg University of IT, Mechanics and Optics (Russia) and MIT (USA) are tied up for the third place with 6 problems solved. There were 6000 teams initially in the running, and in the final round of the competition only 88 remained."
Google

Ballmer Says Google's Growth Is 'Insane' 420

eldavojohn writes "Steve Ballmer spoke to the Seattle PI this week, commenting that Google's pace of employee growth is 'insane,' and the company has few successful businesses outside of Internet search and advertising. He referred to Google's non-search efforts as 'cute.' Google's current number of employees is nearly doubling each year. 'I don't really know that anybody's proven that a random collection of people doing their own thing actually creates value.' Mr. Ballmer went on to complain that, in general, competition for good programmers has become an issue. Even 'hedge funds' are looking for skilled coders, making the HR fight between the two companies that much more challenging."
Bug

IE and Firefox Share a Vulnerability 207

hcmtnbiker writes with news of a logic flaw shared by IE 7 and Firefox 2.0. IE 5.01, IE 6, and Firefox 1.5.0.9 are also affected. The flaw was discovered by Michal Zalewski, and is easily demonstrated on IE7 and Firefox. The vulnerability is not platform-specific, but these demonstrations are — they work only on Windows systems. (Microsoft says that IE7 on Vista is not vulnerable.) From the vulnerability description: "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, '.value' parameter cannot be set or changed, and any changes to .type reset the contents of the field... [in this attack] the keyboard input in unrelated locations can be selectively geared toward input fields by the attacker."
Programming

Visual Basic on GNU/Linux 383

jeevesbond writes "The Mono Project announced that it has developed a Visual Basic compiler that will enable software developers who use Microsoft Visual Basic to run their applications on any platform that supports Mono, such as Linux, without any code modifications."
Networking

How Would You Deal With A Global Bandwidth Crisis? 478

lopy writes "First Google claimed the internet infrastructure won't scale to provide an acceptable user experience for online video. Then some networking experts predict that a flu pandemic would bring the internet to its knees and lead to internet rationing. We used to think that bandwidth would always increase as needed, but what would happen if that isn't the case? How would you deal with a global bandwidth shortage? Would you be willing to voluntarily limit your internet usage if necessary? Could you live in a world without cheap and plentiful broadband internet access?"
Security

US Planning Response To a Cyber Attack 359

We've all heard of Google bombing; the US Government may be taking the expression rather literally. Planning is now underway across the government for the proper way to respond to a cyber attack, and options on the table include launching a cyber counterattack or even bombing the attack's source. The article makes clear that no settled plan is in place, and quotes one spokesman as saying "the preferred route would be warning the source to shut down the attack before a military response." That's assuming the source could be found. From the article: "If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
Novell

Novell May be Banned from Distributing Linux 553

Hymer writes "Reuters is reporting that Novell may be banned from selling Linux. In the wake of the (much maligned) Novell/Microsoft deal, the Free Software Foundation is reviewing Novell's right to sell the operating system at all. The foundation controls the rights to key parts of the operating system, and counsel for the organization said that 'the community wants to interfere any way it can' with the Novell business arrangement. No decision has yet been reached, but one should be made in the next two weeks." Is this a measured response, or an over-reaction to the Novell/Microsoft arrangement?

CodeWeavers Releases CrossOver 6 for Mac and Linux 153

jeremy_white writes "I'm happy to announce that we've shipped version 6.0 of CrossOver, for both the Mac and Linux. We have a full changelog available; highlights are Outlook 2003 and support for games, notably World of Warcraft and Steam based games. I can attest that World of Warcrac...er craft is the most well tested application we have ever supported. It's exciting to watch the Wine project progress — it's a great and growing community of developers (which is a good thing, as we're now all too busy grinding Honor in Alterac Valley to keep up our pace of contributions :-/)."
Security

What Does Your Dead Man's Switch Do? 310

LqdEngineer asks: "How many of you use or have used a Dead Man's Switch designed to perform some action if you don't check in for a certain amount of time? Recently, I decided to put one together using MySQL and some cron jobs, but I wanted to see what others have their switches set up to do in the event you fail to check in. E-mails to loved ones? Send encryption keys to friends/family? Hate mail to your boss? Has anyone ever been on the receiving end of the results of such a system?"
Bug

Workarounds for Vista's Networking Problems? 153

tridium asks: "I recently moved into a new place where the landlord left a Linksys WRT54G v2 router for us to use. The three laptops in the house running XP connected to it fine, but my desktop, running Vista RC1 build 5600, had to be hardwired. The Internet worked fine for a bit, but I noticed some websites weren't loading up (Google, Gmail, and several others), and IM clients weren't working. Vista's self-diagnosis said it couldn't communicate with the DNS server, so I researched and it seems the new TCP stack in Vista is wreaking havoc with my router. I upgraded the firmware from Linksys, tried manually setting IP settings, modified the registry to disable TCP window stacking, but nothing helped. Linksys support was also useless in fixing the problem. I'm at a loss and any help, short of downgrading to XP, would be greatly appreciated." Other people have experienced problems getting Vista to work with off-the-shelf routers. A thread from September identifies the new window scaling feature as a potential culprit, while another article says that Vista and SPI-enabled routers don't play well together. Whether the problem is related is unknown, but another thread offers some troubleshooting tips for anyone else who may be experiencing this problem. Has anyone figured out how to disable (or at least work around) some of the more troubling aspects of Vista's new TCP 'features'?
Upgrades

Vista Security The 'Longest Suicide Note in History'? 467

rar42 writes "The Inquirer is reporting on an analysis of Vista by Peter Gutmann — a medical imaging specialist. This isn't the usual anti-Microsoft story — just a professional looking at what is going to happen to his computer if it is upgraded to Microsoft Vista. From the article: 'Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost,' says Gutmann."
