Monthly Archives: June 2012

Disaster Awaits U.S. Power Grid As Cybersecurity Lags


By The Vigilant Application Owner

CNET – (National) Disaster awaits U.S. power grid as cybersecurity lags. Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, warns the co-chair of the North American Energy Standards Board’s (NAESB) Critical Infrastructure Committee. NAESB scheduled a committee vote June 14 to decide when the […]


Software Update Site For Hospital Respirators Found Riddled With Malware


By The Vigilant Application Owner

Threatpost – (National; California) Software update site for hospital respirators found riddled with malware. A Web site used to distribute software updates for a wide range of medical equipment has been blocked by Google after it was found to be riddled with malware and serving up attacks, Threatpost reported June 14. The site belongs to […]


Reinventing Wheels and Opportunity Cost (or Why you Need to use Nexus)


June 13, 2012 By Tim O'Brien

I hear two sentences.. often. It’s either: “We’re not big enough for a repository manager.” Or, the increasingly popular, “We built our own repository manager. It’s just a caching HTTP Proxy.” I can understand the first statement. People usually think “they are not big enough” for a repository manager when they haven’t understood that running […]


Stop, Drop, and Upgrade Java: “Oracle Patches Java Security”


June 12, 2012 By The Vigilant Application Owner

This came across the security feed yesterday, and we wanted to make sure that everyone understood that this critical patch upgrade is something you should install…now. A CVSS base score of 10.0 is a big deal (you can read all about the CVSS here), but what you need to know from an application security perspective […]


Simple Authentication Bypass For MySQL Root Revealed


June 11, 2012 By The Vigilant Application Owner

H Security – (International) Simple authentication bypass for MySQL root revealed. Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is simple to exploit to gain root access to the database, experts said. The only mitigating factor appears to be that it depends on the C […]


Adobe Patches Critical Flash Bugs, Ships Sandboxed Plug-in For Firefox


June 8, 2012 By The Vigilant Application Owner

Computerworld – (International) Adobe patches critical Flash bugs, ships sandboxed plug-in for Firefox. June 8, Adobe patched seven critical vulnerabilities in Flash Player — the fifth security update so far in 2012 — and released a sandboxed plug-in for Mozilla’s Firefox. The company also released the “silent update” tool for OS X, and said it […]


The md5crypt() Author Says The Algorithm Is No Longer Secure


By The Vigilant Application Owner

Inquirer – (International) The md5crypt() author says the algorithm is no longer secure. The author of md5crypt(), which is used to encrypt passwords on some FreeBSD and Linux-based operating systems, said it is no longer secure despite being recommended as a password hashing function. He implemented a researcher’s MD5 one-way hashing algorithm in his md5crypt() […]
