Monthly Archives: August 2012

Dogfooding Sonatype Insight: We found Vulnerabilities in Nexus


August 13, 2012 By
Tim O'Brien

“Dogfooding” is such a strange word, and I’m using it as a substitute for “Eating your own dog food”. As we do have a global audience, I worry that the term is somewhat provincial (and maybe a bit strange out of context). So here’s the explanation of this idiom on Wikipedia. Sonatype is “recursive”. […]


Best Strategy for Migrating from Apache Ant to Apache Maven


August 9, 2012 By
Tim O'Brien

Whenever I teach a Maven training class someone invariably asks me to give some advice for migrating a large, complex Ant project to Maven. Toward the end of the class, I’ll take questions: Participant: “Could you give us some guidance for migrating Ant projects to Maven? Is there a process that you recommend to make […]


Internet Attacks From China And US Increased In First Quarter Of 2012


By
The Vigilant Application Owner

IDG News Service – (International) Internet attacks from China and US increased in first quarter of 2012, report says. China and the United States were the two largest sources of Internet-attack traffic in the first quarter of 2012, increasing to account for 16 percent and 11 percent respectively, according to Akamai Technologies. Attack traffic from […]


Securing Repository Credentials with Nexus Pro User Tokens


August 8, 2012 By
Tim O'Brien

Until yesterday I had a Maven Settings file in ~/.m2/settings.xml that contained the following XML: <server> <id>central</id> <username>tobrien</username> <password>ch1c@g0r00lz</password> </server> Silly, right? The only way to authenticate against Nexus was to drop my plaintext username and password in my Settings file, for anyone who gained access to my laptop to see. I’ve never been too happy […]


Nexus 2.1 Now Available, Go Get It


August 7, 2012 By
Tim O'Brien

This is a big release. We’re announcing the immediate availability of Nexus 2.1, the first minor version update since the Nexus 2.0 release earlier this year. This simultaneous release of both Nexus Open Source and Nexus Professional caps off months of effort to implement two major features in Nexus Professional: User Tokens – Developers who […]


Attackers Go Phishing For Payroll Workers With Java CVE-2012-1723 Exploit


August 6, 2012 By
The Vigilant Application Owner

Threatpost – (International) Attackers go phishing for payroll workers with Java CVE-2012-1723 exploit. Java flaw CVE-2012-1723 that Oracle patched in June has been the target of several pieces of malware and Web-based attacks recently. Now researchers indicate there is a phishing scam targeting payroll and HR employees that involves an exploit for the Java bug […]


Scope Of APTs More Widespread Than Thought


August 2, 2012 By
The Vigilant Application Owner

Dark Reading – (International) Scope of APTs more widespread than thought. A researcher discovered some 200 different families of custom malware used to spy and steal intellectual property, with hundreds of attackers in just two groups out of Shanghai and Beijing, suggesting cyberespionage malware and activity is far more prolific than imagined. […]
