http://security.web2announcer.com/ Web 2.0 announcer top stories for Security en Sun, 27 Jul 2008 08:00:12 GMT http://web2announcer.com/go/2720927 unknown@Digg.com A new hack designed to exploit a weakness in the DNS protocol is out, just days after information on the exploit was accidentally posted online. A patch for the issue was released almost two weeks ago, but a significant number of servers are still vulnerable. Sun, 27 Jul 2008 08:00:12 GMT http://web2announcer.com/go/2720927Security http://web2announcer.com/go/2718413 unknown@Digg.com Today is SysAdmin Day, otherwise known System Administrator Appreciation Day. This "holiday" was first celebrated in 2000 and takes place annually on the last Friday in July. The goal, according to the SysAdmin Day website at sysadminday.com, it to give the guys and gals who maintain your computer network some love.. and perhaps some nifty gifties! Sat, 26 Jul 2008 00:10:02 GMT http://web2announcer.com/go/2718413Security http://web2announcer.com/go/2717625 unknown@DZone.com A customer participating in the SVNSearch beta round asked me about Single Sign-On solutions for SVNSearch. SSO has become something of holy grail in the Enterprise. Everyone wants it but few seem to really achieve it. The Wikipedia article for Single Single-On even cites a Gartner report stating that "no one can achieve it without a homogeneous IT infrastructure".
 
 What could be a better motivation than Gartner saying it's impossible? I decided I'd prove them wrong and took on the task to create a cross platform, Single Sign-On solution for SVNSearch. Fri, 25 Jul 2008 14:09:10 GMT http://web2announcer.com/go/2717625frameworksjavaSecurityProgramming http://web2announcer.com/go/2717243 unknown@DZone.com Article on DNS cache poisoning and how to protect yourself from it Fri, 25 Jul 2008 05:49:32 GMT http://web2announcer.com/go/2717243NewsSecuritytoolsweb servicesProgramming http://web2announcer.com/go/2714743 unknown@DZone.com WSO2 announced that it has extended its support for service-oriented architecture (SOA) governance through enhanced authentication. Version 1.5 of the WSO2 Identity Solution for strong Web authentication based on open standards and open source is now generally available and adds support for OpenID, a feature for decentralizing single sign-on. Additionally, WSO2 has joined the OpenID Foundation and is a founding member of the Information Card Foundation, which was launched June 23, 2008. Thu, 24 Jul 2008 03:14:11 GMT http://web2announcer.com/go/2714743Securitystandardsweb 2.0Programming http://web2announcer.com/go/2714363 unknown@DZone.com Kevin Mitnick has proven that the weakest link in any security system is the person holding the information. Wed, 23 Jul 2008 21:37:27 GMT http://web2announcer.com/go/2714363SecurityProgramming http://web2announcer.com/go/2711453 unknown@Digg.com During wartime, one of America's most solemn duties is to take care of its veterans. So why do careless government workers keep putting our vets at risk? Tue, 22 Jul 2008 18:10:03 GMT http://web2announcer.com/go/2711453Security http://web2announcer.com/go/2711642 unknown@DZone.com Dan Kaminsky's upcoming Black Hat preso on the recently discovered DNS cache posioning vulnerability has just been upstaged by its release into the wild. Tue, 22 Jul 2008 16:38:21 GMT http://web2announcer.com/go/2711642MicrosoftNewsSecurityserverProgramming http://web2announcer.com/go/2711259 unknown@DZone.com In 2006 I opened nine different e-mail addresses. On this page I published the nine e-mail addresses. But every address has been obfuscated by a different method. I made sure it’s getting indexed by Google by putting a link to that page on the tilllate.com homepage.
 
 Then I waited 1.5 years Tue, 22 Jul 2008 13:07:28 GMT http://web2announcer.com/go/2711259javascriptreviewsSecurityProgramming http://web2announcer.com/go/2710374 unknown@Digg.com Let's say for some reason someone has his or her caller ID blocked and is calling you all the time. Let's then say you really want to know who that person is for whatever reason -- not that we'd know anything about that. Some crafty phreaker types have come up with a way to do this using an enterprise-spec asterisk box and a SIP trunk provider. Tue, 22 Jul 2008 07:00:03 GMT http://web2announcer.com/go/2710374Security http://web2announcer.com/go/2709684 unknown@CNET News.com.com The New York conference, where attendees are tracked via RFID, attracts hacker celebrities including the guys behind the phone phreaker movement and the TV-B-Gone remote control. Mon, 21 Jul 2008 23:02:00 GMT http://web2announcer.com/go/2709684NewsSecurity http://web2announcer.com/go/2709602 unknown@DZone.com How installing the new version of Twhirl can be dangerous Mon, 21 Jul 2008 19:33:37 GMT http://web2announcer.com/go/2709602flash-flexriaSecurityProgramming http://web2announcer.com/go/2708715 unknown@Digg.com Kevin Mitnick knows that the weakest link in any security system is the person holding the information. As a young fugitive hacker,he went to jail for breaking into computer networks, mostly by using his cunning and persuasion than his tech skills. He was an early master of the science of social engineering -- making people into doing what you want Mon, 21 Jul 2008 12:20:03 GMT http://web2announcer.com/go/2708715Security http://web2announcer.com/go/2705566 unknown@DZone.com This is a step by step guide which explains how to manage your keystores with java keytool and openssl. Sat, 19 Jul 2008 05:37:46 GMT http://web2announcer.com/go/2705566javaSecurityProgramming http://web2announcer.com/go/2705567 unknown@DZone.com A while ago I blogged about how F5 was making mongrels better with a Side of Mayo. I referenced a blog post on Joyent's wonderful Joyeur blog on why Joyent uses F5's BIG-IP for their customers. Well, those krazy kids at Joyent are at it again... Sat, 19 Jul 2008 05:37:42 GMT http://web2announcer.com/go/2705567Securityweb 2.0web servicesProgramming http://web2announcer.com/go/2704298 unknown@DZone.com Most developers pay lip service to security, but there aren’t so many who actually take the time to actually secure their site. We usually leave it to the sys admins. Yes, those same sys admins who like to make our lives miserable by actually locking things down, not allowing us access and enforcing rules (how dare they!). But now, our web applications have become such a conglomerate of technologies such as ASP.NET, Ajax, Flash, Silverlight, SQL, WS-* and you name it that we’ve spread out our attack surface like icing on a cake. We need to reduce that surface as close to zero as possible. It’s not up to just the sys admins anymore, it’s up to us, the developers. Fri, 18 Jul 2008 13:14:48 GMT http://web2announcer.com/go/2704298.netSecuritytrendsProgramming http://web2announcer.com/go/2702680 unknown@DZone.com Version one goes gold! Visitors are landing from every corner of the globe. You know there are likely to be a few teething problems, I mean, this is 1.0.0.0… all those zeroes are meant to allow us a little grace right? Thu, 17 Jul 2008 16:54:34 GMT http://web2announcer.com/go/2702680how-tomethodologyphpSecurityProgramming http://web2announcer.com/go/2702490 unknown@DZone.com Ounce Labs recently discovered two vulnerabilities that can affect Java Web applications that use the Spring Framework. The company is working with SpringSource to ensure developers know how to protect against these security issues. Thu, 17 Jul 2008 14:56:49 GMT http://web2announcer.com/go/2702490frameworksjavaNewsSecurityProgramming http://web2announcer.com/go/2702386 unknown@DZone.com How many times, after proceeding with this shameful process, have you received an email containing your password? No, not a link to change your password or questions about your account that only you would know (that would eventually allow you in), your actual password in plain text! Thu, 17 Jul 2008 14:23:27 GMT http://web2announcer.com/go/2702386Securitytrendsweb designProgramming http://web2announcer.com/go/2701832 unknown@DZone.com Demand OpenID support for all the sites you sign into everyday. Thu, 17 Jul 2008 08:00:47 GMT http://web2announcer.com/go/2701832open sourceSecurityProgramming http://web2announcer.com/go/2701612 unknown@DZone.com Firefox 3.0 was released with much funfare and with lots of testing. But it turns out a lot of people have problems with the latest version of Firefox, when starting and installing addons. Most perpetual problems are related to hanging up of the GUI when Firefox starts and those missing their old addons that are not working in version 3.0... Important security fixes were released today in v3.0.1 Thu, 17 Jul 2008 05:23:51 GMT http://web2announcer.com/go/2701612announcementNewsopen sourceSecurityProgramming http://web2announcer.com/go/2701231 unknown@Digg.com Plans for a massive database snooping on the entire population were condemned yesterday as a ?step too far for the British way of life?. In an Orwellian move, the Home Office is proposing to detail every phone call, e-mail, text message, internet search and online purchase in the fight against terrorism and other serious crime. Thu, 17 Jul 2008 04:40:08 GMT http://web2announcer.com/go/2701231Security http://web2announcer.com/go/2700768 unknown@Digg.com The enigma began last year when a plain envelope with no return address arrived at the world-famous physics laboratory outside Chicago, addressed simply to "Fermilab." Inside was a single sheet marked by pen with a bizarre series of hash marks, numbers and alien-looking symbols. Wed, 16 Jul 2008 23:20:04 GMT http://web2announcer.com/go/2700768Security http://web2announcer.com/go/2699235 unknown@Digg.com For all of the places that Google Maps allows you to see, there are plenty of places that are off-limits. Whether it's due to government restrictions, personal-privacy lawsuits or mistakes, Google Maps has slapped a "Prohibited" sign on the following 51 places. Wed, 16 Jul 2008 06:20:03 GMT http://web2announcer.com/go/2699235Security http://web2announcer.com/go/2697844 unknown@Digg.com A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday. Tue, 15 Jul 2008 16:27:33 GMT http://web2announcer.com/go/2697844Security http://web2announcer.com/go/2697189 unknown@DZone.com I'm toying with the idea of turning the Erlang Challenge into a real website. Why not using Grails? I thought the first thing I would need is a user login. Now, I hate logging into websites with a vengeance. Take Facebook for example. Maybe it's an incredible website but because I can't find out without signing up I haven't signed up. Tue, 15 Jul 2008 05:59:40 GMT http://web2announcer.com/go/2697189frameworksgroovySecurityProgramming http://web2announcer.com/go/2696179 unknown@DZone.com Servers with open SSH ports have recently begun to come under hacker attack, which seems to be coordinated, although it is not automatically reported because the hackers employ a brute force attack from more than one machine. Nazar Aziz, IT consultant and developer, has been vigilant enough to detect the attack, which started at the beginning of this month. Mon, 14 Jul 2008 20:12:19 GMT http://web2announcer.com/go/2696179NewsSecurityunix-linuxProgramming http://web2announcer.com/go/2695360 unknown@DZone.com Many websites will want to control who has access to what. Once embarked on this route, it turns out there are many situations where access control is appropriate, and they can easily become very complex. So in this chapter we look at the most highly regarded model role-based access control and find ways to implement it. The aim is to achieve a flexible and efficient implementation that can be exploited by increasingly sophisticated software. To show what is going on, the example of a file repository extension is used. Mon, 14 Jul 2008 12:44:22 GMT http://web2announcer.com/go/2695360how-tophpSecurityweb designProgramming http://web2announcer.com/go/2688076 unknown@Digg.com You may be complaining about the number of spam emails finding their way to your email account every day, but it may come as a surprise to you that the U.S. is actually not the most targeted country by spammers: According to a report released to today, Swiss users receive 10% more of spam than the average Internet user, and 23% more than U.S. users Thu, 10 Jul 2008 23:10:32 GMT http://web2announcer.com/go/2688076Security http://web2announcer.com/go/2688316 unknown@DZone.com The software trap is a programming feature used to capture an abnormal program running status. The general principle is to setup a trap for software, and redirect from the code out of control to a specified address, and get back to its normal running mode. The software traps can be placed between the user codes or after the jump instructions, or be placed in the unused space by a consecutive trap codes. Thu, 10 Jul 2008 22:39:14 GMT http://web2announcer.com/go/2688316Hardwarehow-toresearchSecurityProgramming http://web2announcer.com/go/2687951 unknown@Digg.com For modern pundits, "presumed guilty" has more entertainment value than "presumed innocent". In newspapers, on television and radio, and now on the Internet, pundits and politicians treat accusations as truth and make sweeping declarations of guilt-shattering lives without waiting for the legal system. Thu, 10 Jul 2008 22:10:06 GMT http://web2announcer.com/go/2687951Security http://web2announcer.com/go/2687015 unknown@Digg.com The Pirate Bay has ambitious plans to bring end-to-end encryption to all network activity, essentially blacking out a user's traffic from deep packet inspection gear and other prying eyes. Interesting project, sure, and definitely ambitious, but will it work? We doubt it, at least in the near term, and here's why. Thu, 10 Jul 2008 14:20:02 GMT http://web2announcer.com/go/2687015Security http://web2announcer.com/go/2685488 unknown@Digg.com Security researchers on Tuesday said they had discovered an enormous flaw that could let hackers steer most people using corporate computer networks to malicious websites of their own devising. Wed, 09 Jul 2008 22:30:08 GMT http://web2announcer.com/go/2685488Security http://web2announcer.com/go/2684618 unknown@Digg.com Gmail added protection from unauthorized logins Monday through new features allowing you to monitor usage and sign out remotely. Wed, 09 Jul 2008 14:50:04 GMT http://web2announcer.com/go/2684618Security http://web2announcer.com/go/2684807 unknown@DZone.com There are few things that aren’t better once salt has been added, and encryptions are no different. Adding a salt can make a simple encryption exponentially harder to break/crack. Thankfully, there are many other available encryption options that include salt, and the best part about adding salt to your encryption is how easily it can be done. Wed, 09 Jul 2008 13:18:09 GMT http://web2announcer.com/go/2684807how-toperlphpSecurityProgramming http://web2announcer.com/go/2683301 unknown@ma.gnolia.com Apple just gave out this guy's password! Saved By: Joshua Wehner | View Details | Give Thanks Wed, 09 Jul 2008 07:00:00 GMT http://web2announcer.com/go/2683301web developmentwebstandardsweb standardseducationwordpresspluginwebdesigncsshtmljavascriptjqueryinfoarchitectureprototypingbest practicestandardswebDesignweb designresourceie6pngformssign-upuser experiencetexturesAdobeerrorsinspirationfunnytweetdecktwitterairappnoiseserviceMusicreferenceAppleSecurity http://web2announcer.com/go/2683702 unknown@Digg.com Google has agreed to add a "privacy" link to its famously pure home page, but on the condition that the total word count remains the same. What gets the boot? "Google." Wed, 09 Jul 2008 06:10:06 GMT http://web2announcer.com/go/2683702Security http://web2announcer.com/go/2683300 unknown@Digg.com The term net neutrality, unless you?re a tech geek, conjures up thoughts of fair trade, international policy or possibly anti-fishing zones. Here's a clarification the oft confusing technical jargon slimmed down to only the necessary information: Wed, 09 Jul 2008 02:10:05 GMT http://web2announcer.com/go/2683300Security http://web2announcer.com/go/2683392 unknown@DZone.com TrueCrypt now performs parallel encryption and decryption operations on multi-core systems, giving you a phenomenal speedup if you have more than one processor available. Furthermore, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give surrender a decoy. Tue, 08 Jul 2008 16:28:25 GMT http://web2announcer.com/go/2683392announcementopen sourceSecurityProgramming http://web2announcer.com/go/2681963 unknown@DZone.com You and I may have taken the 4th of July off, but the folks over at TrueCrypt didn't. Instead, they pushed out version 6.0 of their on-the-fly encryption utility, with more options than ever for protecting - and hiding - the critical data on your hard drives. Available for Linux, OS X, and Windows, the software is licensed under its own TrueCrypt license, which is not OSI-approved. Tue, 08 Jul 2008 10:07:35 GMT http://web2announcer.com/go/2681963open sourceSecuritystandardsProgramming http://web2announcer.com/go/2681817 unknown@DZone.com Microsoft has just released a free utility to help developers analyze ASP code for SQL Injection vulnerabilities. Earlier this year, several public sites went down when hackers unleashed a series of bots to find and exploit servers where developers did not correctly code their applications/pages to prevent SQL Injection attacks. Tue, 08 Jul 2008 08:22:55 GMT http://web2announcer.com/go/2681817databaseMicrosoftSecurityserverProgramming http://web2announcer.com/go/2680858 unknown@Digg.com In June the Swedish parliament passed a controversial surveillance law that gives authorities a mandate to read all email and listen in on all phone calls without warrant or court order. In response to the law, The Pirate Party organized rallies, bloggers and journalists turned into activists, and even Google decided to relocate their servers. Tue, 08 Jul 2008 00:50:03 GMT http://web2announcer.com/go/2680858Security http://web2announcer.com/go/2680767 unknown@Digg.com It's time to hack it. Mon, 07 Jul 2008 23:50:02 GMT http://web2announcer.com/go/2680767Security http://web2announcer.com/go/2680529 unknown@DZone.com After reading this discussion on Slashdot regarding an anti-virus agent pretending to be Internet Explorer and flooding sites with requests I waited to see a response come from an Apache fan on using mod_rewrite to detect and stop the flood of useless traffic coming from these robots. It was sure to come, particularly after the first post in the discussion pointed out how to use an iRule to detect and "nuke from orbit" these nasty little requests. I was not disappointed.
 
 It's not the case that the solution won't work. It will, and it's certainly a viable solution. At least if you're only running 2 or 3 web servers. And you don't care about the need to interrupt service to implement the solution. And you aren't worried about potentially introducing errors into the server configuration. And you're aren't running IIS or some other web server.
 
 There are a few very good reasons not to use Apache mod_rewrite for this kind of situation. Mon, 07 Jul 2008 18:32:44 GMT http://web2announcer.com/go/2680529open sourceSecurityservertoolsProgramming http://web2announcer.com/go/2680105 unknown@DZone.com The microcontroller is widely used in many devices, which works in environment. The microcontroller has to face the challenges from EMI, voltage stability, crystal failure and much other interference. If the interferences are strong enough to disturb the operation, the system design should be secure enough to deal with these matters, one good practice is to reset and go on with previous normal operation state . Mon, 07 Jul 2008 13:35:44 GMT http://web2announcer.com/go/2680105Hardwarehow-tomethodologySecurityProgramming http://web2announcer.com/go/2679465 unknown@ma.gnolia.com What's new in version 6? Plenty. One of the biggest advances is support for multiple processors, which provides a boost in the encryption/decryption speed equal to the number of processors/cores in use. Other tweaks have increased the overall speed by as much as 20% in some operations - on top of the parallel processing gains. Saved By: olga9999 | View Details | Give Thanks Mon, 07 Jul 2008 07:00:00 GMT http://web2announcer.com/go/2679465noiseserviceMusictweetdecktwitterairappiconsdesktopwebdesignwebformssign-upuser experienceDiigo - Pomgod's Bookmarksgraphicstagclouduptimefontfontscreativecreating fontsnoteNone assignedvoicemailDesignresourceinformationinfoarchitectureprototypingtruecryptSoftwareapplicationsSecurity http://web2announcer.com/go/2679410 unknown@DZone.com The administrators, however, have deemed it necessary to require me to enter my password in, by hand, every time i access their site. Now, since each of these sites required various levels of "added security" involving me typing in a password with both upper and lower case letters, a number, one or more non-alphanumeric characters, plus one or more characters from the original transcript of the Chronicles of Gilgamesh (mac users, please use Ancient Sanskrit), i'm far more likely to record said password somewhere other than my memory. Sun, 06 Jul 2008 20:15:05 GMT http://web2announcer.com/go/2679410opinionSecurityweb designProgramming http://web2announcer.com/go/2679280 unknown@Digg.com The nonprofit agency (ICANN) in charge of the Internet's addresses recently lost track of its own. Sun, 06 Jul 2008 07:46:40 GMT http://web2announcer.com/go/2679280Security http://web2announcer.com/go/2678698 unknown@Digg.com Hundreds of Lithuanian government and corporate Web sites were hacked and plastered with Soviet-era symbols and other digital graffiti this week in what appears to be a coordinated cyber attack launched by Russian hacker groups. Sat, 05 Jul 2008 21:36:26 GMT http://web2announcer.com/go/2678698Security http://web2announcer.com/go/2678267 unknown@DZone.com What if you could encode a Jar file as an image and trick the browser to run it? This is what Ben Lorica reported from a black hat briefing webinar: Sat, 05 Jul 2008 11:43:42 GMT http://web2announcer.com/go/2678267javaSecuritytoolsProgramming