Computer Security
1. Sources
2. Bruce Schneier
Don't squid me, bro.
Doomsday Shelters
Selling fear: The Vivos network, which offers partial ownerships similar to a timeshare in underground shelter communities, is one of several ventures touting escape from a surface-level calamity. Yip Harburg commented on the subject about half a century ago, and the Chad Mitchell Trio recited it. It's at about 0:40 on the recording, though the rest is worth listening to as well. Hammacher Schlemmer is selling a shelter,
Hacking ATMs
Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system's remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the machine.
"Who controls the off switch?" by Ross Anderson and Shailendra Fuloria. Abstract: We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay tariff; secondary purposes include supporting interruptible tariffs and implementing rolling power cuts at times of supply shortage. The two have another paper on the economics of smart meters. Blog post here.
The DNSSEC root key has been divided among seven people: Part of ICANN's security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and "signed" (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site). Most major servers are a part of DNSSEC, as it's known, and during a major international attack, the system might sever connections between important servers to contain the damage. That's a secret sharing scheme they're using, most likely Shamir's Secret Sharing. Paul Kane -- who lives in the Bradford-on-Avon area -- has been chosen to look after one of seven keys, which will 'restart the world wide web' in the event of a catastrophic event. Dan Kaminsky is another. I don't know how they picked those countries.
Okay, this is just weird: Mark S. Price, a specialist in public security, and his privately held company, Paradise Lost Antiterrorism Network of America (www.plan-a.us), have recently applied to the United States Patent and Trademark Office for a Utility Patent on their Suicide Bomb Deterrent, a security device designed, manufactured and distributed by PLAN-A. This device has been designed to warn and deter potential fanatical religious suicide bomb-wielding terrorists from otherwise detonating an explosive charge within close proximity of said device, to the intended end of successfully accomplishing its namesake purpose of Suicide Bomb Deterrent and the protecting and preserving of all life and property otherwise in mortal and destructive danger. Reading the partial patent application on their minimal website, it appears to be a packet of pork product, combined with a big sign saying something like: "Warning. If you blow up a bomb right here, you'll get pork stuff all over you before you die -- which might be suboptimal from a religious point of view." This appears to not be a joke.
It's a service: The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more "premium" price of $35, you can get the job done in about half the time. Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes. FAQ here.
In related news, there might be a man-in-the-middle attack possible against the WPA2 protocol. Man-in-the-middle attacks are potentially serious, but it depends on the details -- and they're not available yet.
1921 Book on Profiling
Here's a book from 1921 on how to profile people.
An article from The Economist makes a point that I have been thinking about for a while: the modern technology makes life harder for spies, not easier. It used to be the technology favored spycraft -- think James Bond gadgets -- but more and more, technology favors spycatchers. The ubiquitous collection of personal data makes it harder to maintain a false identity, ubiquitous eavesdropping makes it harder to communicate securely, the prevalence of cameras makes it harder to not be seen, and so on. I think this is an example of the general tendency of modern information and communications technology to increase power in proportion to existing power. So while technology makes the lone spy more effective, it makes an institutional counterspy organization much more powerful.
3. Secunia
Stack-Terrorist has reported a vulnerability in the ConcoursPhoto module for KwsPHP, which can be exploited by malicious people to conduct SQL injection attacks. Be sure to check if your system is missing security updates or have insecure applications installed: http://secunia.com/software_inspector/ Feature Overview - The Secunia Software Inspector: * Detects insecure versions of applications installed * Verifies that all Microsoft patches are applied * Assists you in updating your system and applications * Runs through your browser. No installation or download is required.
Some security issues and vulnerabilities have been reported in Nortel Communication Server, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
irvian has discovered a vulnerability in LiveCart, which can be exploited by malicious people to conduct SQL injection attacks.
A security issue has been reported in ezRADIUS, which can be exploited by malicious people to disclose sensitive information.
A security issue has been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges.
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to manipulate certain data.
Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service).
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.
__GiReX__ has reported a security issue in LightNEasy, which can be exploited by malicious people to disclose sensitive information.
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
poplix has reported some vulnerabilities in Parallels VZPP, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.
Debian has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
A vulnerability has been reported in rsync, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Ubuntu has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Some vulnerabilities have been reported in EMC DiskXtender, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.
dun has reported a vulnerability in Ksemail, which can be exploited by malicious people to disclose sensitive information.
A vulnerability has been reported in Sun Grid Engine, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Debian has issued an update for gnumeric. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Gentoo has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to manipulate certain data or to disclose sensitive information.
Gentoo has issued an update for am-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Gentoo has issued an update for lighttpd. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
t0pP8uZz has reported two vulnerabilities in iScripts SocialWare, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.
A security issue has been reported in the Simple Access module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
A vulnerability has been reported in Openfire, which can be exploited by malicious people to cause a DoS (Denial of Service).
Simon Ryeo has reported a vulnerability in CDNetworks Nefficient Download, which can be exploited by malicious people to compromise a user's system.
4. focus News
News: Change in Focus
Change in Focus
Twitter attacker had proper credentials
PhotoDNA scans images for child abuse
Conficker data highlights infected networks
Google offers bounty on browser bugs
Cyberattacks from U.S. "greatest concern"
Microsoft patches as fraudsters target IE flaw
Attack on IE 0-day refined by researchers
Monster botnet held 800,000 people's details
Google: 'no timetable' on China talks
Latvian hacker tweets hard on banking whistle
MS uses court order to take out Waledac botnet
Enterprise Intrusion Analysis, Part One
Responding to a Brute Force SSH Attack
Data Recovery on Linux and ext3
WiMax: Just Another Security Challenge?
Time to Squish SQL Injection
Lazy Workers May Be Deemed Hackers
The Scale of Security
Hacker-Tool Law Still Does Little
5. focus vulnerabilities
GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability
Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability
XSS vulnerability in Campsite
XSS vulnerability in Campsite
Akamai Download Manager arbitrary file download & execution
6. US-CERT National Cyber Alert System
Supplementing Passwords
Vulnerability Summary for the Week of July 19, 2010
Vulnerability Summary for the Week of July 12, 2010
Effectively Erasing Files
Oracle Updates for Multiple Vulnerabilities
Microsoft Updates for Multiple Vulnerabilities
Microsoft Updates for Multiple Vulnerabilities
Vulnerability Summary for the Week of July 5, 2010
Vulnerability Summary for the Week of June 28, 2010
Vulnerability Summary for the Week of June 21, 2010
7. Apple Hot News
PC Magazine reviews the new 21.5-inch iMac and makes it the Editors' Choice (4/5 stars) for mid-priced all-in-one desktops, citing its "classic" design, excellent display, powerful multimedia performance, and reasonable price. The review adds: "The $1,199 iMac is the system that can convert your friend/relative/significant other into one of the Mac faithful."
SlashGear reviewer Vincent Nguyen judges the Magic Trackpad a "pretty tempting proposition" because it brings the "useful" Multi-Touch "gestures Apple's mobile users have been enjoying to their desktop compatriots." Adds Nguyen: "I wholeheartedly recommend the Magic Trackpad."
Apps Built for iPhone 4
Jim Dalrymple at The Loop highlights apps built to take advantage of iPhone 4 features -- including the gyroscope, accelerometer, and Retina display. Writes Dalrymple: "There are a lot of great apps for the iPhone, but to experience the ultimate in cool apps you have to look for those built to utilize the newest technologies in iPhone 4."
Reviewer Jonathan Rougeot (computershopper.com) calls the new 21.5-inch iMac the "king of the all-in-one" category for its beautiful design, innovative peripherals, faster performance, and stellar display. He concludes: "With its more muscular interior and consistently stylish exterior, the iMac continues to be the cool, smart all-in-one that all the other models envy."
Apple Updates Safari 5
Apple today released Safari 5.0.1 and introduced the Safari Extensions Gallery. Extensions allow users to quickly add powerful new features to Safari -- from toolbars that display live web feeds to sophisticated programs that filter web content. Users can download and install extensions either from the Safari Extensions Gallery or directly from a developer's site.
Apple Updates iMac Line
Apple today updated its all-in-one iMac line, widely praised as the world's best desktop computers, with the latest Intel Core i3, Core i5, and Core i7 processors and powerful new graphics. Apple also introduced the new Magic Trackpad -- available separately for $69 -- which brings the intuitive Multi-Touch gestures of Mac notebook trackpads to the desktop.
Apple's new Mac Pro line comes with up to 12 processing cores and up to 50 percent greater performance than the previous generation. Featuring the latest quad-core and 6-core Intel Xeon processors, all-new ATI graphics, and the option for up to four 512GB solid state drives (SSD), the new Mac Pro continues to deliver amazing performance and expandability for the most demanding consumers and professionals.
Apple unveiled a new 27-inch LED Cinema Display with stunning 2560 x 1440 resolution and 60 percent more screen real estate than the 24-inch LED Cinema Display. Featuring a built-in iSight video camera, microphone and speakers, powered USB 2.0 hub, and universal MagSafe connector, the new LED Cinema Display is an ideal companion for any Mac notebook or desktop.
Beginning this Friday, July 30, customers can purchase iPhone 4 in Australia, Austria, Belgium, Canada, Denmark, Finland, Hong Kong, Ireland, Italy, Luxembourg, Netherlands, Norway, New Zealand, Singapore, Spain, Sweden, and Switzerland. iPhone 4 will be available for purchase through Apple's retail and online stores and Apple Authorized Resellers.
Apple today announced financial results for its fiscal 2010 third quarter ended June 26, 2010. The Company posted record revenue of $15.7 billion and net quarterly profit of $3.25 billion, or $3.51 per diluted share. "It was a phenomenal quarter that exceeded our expectations all around, including the most successful product launch in Apple's history with iPhone 4," said Steve Jobs, Apple's CEO. "iPad is off to a terrific start, more people are buying Macs than ever before, and we have amazing new products still to come this year."
FileMaker, Inc. today announced FileMaker Go for iPhone and FileMaker Go for iPad, two highly anticipated new apps -- now available from the App Store -- that let users easily view, edit, and search for information in FileMaker Pro databases on their iPhone or iPad.
Apple today announced that iPad will be available in Austria, Belgium, Hong Kong, Ireland, Luxembourg, Mexico, Netherlands, New Zealand, and Singapore this Friday, July 23. iPad allows users to connect with their apps and content in a more intimate, intuitive, and fun way than ever before.
Novartis, a leading manufacturer of vaccines and pharmaceutical products, turned to iPhone and a mix of custom and commercial apps to streamline communications among its 100,000 global employees. Now the company has developed a consumer iPhone app, VaxTrak, that helps parents manage their children's vaccines and preventive care.
To silence the "dreaded 'are we there yet' whine" that can accompany summer travel with children, USA Today columnist Jinny Gudmundsen recommends iPad apps. Her picks include multiplayer board games, art apps, visual puzzles, and a "just for fun" app that features talking sock puppets.
Peter Cohen (Loopinsight.com) presents a selection of standout iPad games -- ranging from action to strategy to multi-player crossword -- with mini-reviews that detail how each app's gameplay is enhanced on iPad.
PC Magazine makes Mac mini with Snow Leopard Server an Editors' Choice (4.5/5 stars) and writes that the ultra-compact device brings "the sort of flawless design and ease of use we expect from Apple -- to a space that usually offers neither: the server market."
The iPhone 4 has been the most successful product launch in Apple's history. It has been judged by reviewers around the world to be the best smartphone ever, and users have told us that they love it. So we were surprised when we read reports of reception problems, and we immediately began investigating them. Here is what we have learned.
Apple today announced that it has sold more than 1.7 million iPhone 4 devices through Saturday, June 26, just three days after the phone's launch on June 24. "This is the most successful product launch in Apple's history," said Steve Jobs, Apple's CEO. "Even so, we apologize to those customers who were turned away because we did not have enough supply."
Apple Updates MobileMe
MobileMe -- the easy way to keep your iPhone, iPad, iPod touch, Mac, and PC in sync -- now includes an all-new Me.com webmail application with faster performance and great new features and a free Find My iPhone app for iPhone, iPad, and iPod touch.
Apple today announced that it sold its three-millionth iPad yesterday, just 80 days after the device's U.S. introduction. "People are loving iPad as it becomes a part of their daily lives," said Steve Jobs, Apple's CEO. "We're working hard to get this magical product into the hands of even more people around the world, including those in nine more countries next month."
8. Oracle Technology Network
Legacy Dev2Dev and Arch2Arch Newsgroups have migrated to forums.oracle.com in the form of a searchable, read-only archive.
Help your end-users digest information by implementing cell highlighting in your rich enterprise applications. From Oracle ACE Director Lucas Jellema.
Learn how to create a cheap but fully functional Oracle Extended RAC implementation in a virtualized environment, step by step. (Not validated by Oracle; for educational purposes only.)
The latest addition to the My Oracle Support platform, My Oracle Support Community is an integrated, multi-channel online collaboration portal that leverages the latest Web 2.0 technologies to provide access to a vast knowledge repository.
When redevelopment is necessary, the concepts used in a Forms application can be mapped to the Java platform using Oracle JDeveloper and ADF. This technical case study illustrates this process.
Oracle ACE Director Arup Nanda's 20-part series of how-tos about top new features for DBAs and developers is now complete -- spanning Schema Management, Caching and Pooling, Data Warehousing & OLAP, and much more.
Get an overview of real-world testing methodologies, as well as a getting-started introduction to Oracle Test Manager for Web Applications.
Oracle JDeveloper 11g showcases new features to provide a full development environment for Java EE 5, and rounded out with new features for Ajax developers, including new ADF Faces Rich Client components as well as JavaScript editing and debugging. Web services development is also greatly improved.
Come here to start creating SOA with your JD Edwards EnterpriseOne applications. "Best Practices" are offered for how to service-enable JD Edwards EnterpriseOne Business Services, and then build integrations, business processes and composite applications using Fusion Middleware technology.
9. Latest Security NewsSAN FRANCISCO - July 22, 2010 - Businesses must change their mindset on security to help ensure that their networks and vital corporate information are protected from evolving security threats, according to the Cisco 2010 Midyear Security Report released today. Tectonic shifts the increasing use of social networking, the proliferation of network-connected mobile devices, and virtualization ... SAN FRANCISCO - June 24, 2010 - Building on its Borderless Networks architecture and vision, Cisco today announced that it has partnered with leading vendors to address the evolving security needs of enterprise customers. Working with these partners, Cisco will be able to deliver comprehensive security with validated systems that comprise Cisco's industry-leading platform and third-party ... SAN FRANCISCO - June 24, 2010 - Cisco today announced the results of a survey exploring the security implications of social networking and the use of personal devices in the enterprise. One of the most striking findings was that employees are consistently working around information technology security policies to use unsupported devices and applications. Another significant finding: 71 ... June 7, 2010 By James A. Martin Cloud computing offers many compelling benefits to organizations, such as reduced capital and operating costs and as-needed scalability. So why aren't more businesses taking advantage of the on-demand computing resources services collectively known as 'the cloud'? Security concerns are easily the number one inhibitor to deploying the cloud," says Zeus ... Cloud Computing Security: What Cisco and the Industry are Doing About It June 7, 2010 By James A. Martin Cisco is working with its partners in a variety of ways to help evolve cloud computing security and the cloud market overall. These initiatives include product development, collaboration with technology partners, and the company's collaboration in standards bodies and industry groups. ... 
10. MSDN: Security

11. Brian Johnson on Security

12. rootprompt

Great article describing level one and two memory caching in zfs. "L2ARC is a new layer between Disk and the cache (ARC) in main memory for ZFS. It uses dedicated storage devices to hold cached data. The main role of this cache is to boost the performance of random read workloads. The intended L2ARC devices include 1K/15K RPM disks like short-stroked disks, solid state disks (SSD), and other media with substantially faster read latency than disk." Understanding ZFS & ZFS ARC/L2ARC

The GNU Image Manipulation Program (GIMP) is a robust application for editing and manipulating digital images. In this article, you will learn how to get started with the GIMP code, how to build the project from the Git repositories, and how to find your way around the code tree. And you will build an example application that creates a whole new painting tool for the program. "Dive into the code base of the GNU Image Manipulation Program and add to it"

Java language is the tool of choice for Android developers. The Android runtime uses its own virtual machine, Dalvik, which is not the usual Java virtual machine that most Java developers are used to. In this article you will learn advanced Java features and how they are implemented on Android. This includes features such as concurrency, networking, and database access."
Implement concurrency, networking, and database access in Android" http://www.ibm.com/developerworks/library/x-gourmetand

Look at how the leading Python testing frameworks provide robust auto-discovery of your application tests. Make sure your applications are written right the first time, and that they stay working through months and years of further tweaks and improvements.

In Part 1, learn to install and configure a simple cluster and discover ways to monitor and manage Hadoop using its core Web interfaces. In Part 2, install and configure a multinode cluster and dig into the management aspects of Hadoop.
"How to use Hadoop in a single-node and multinode cluster" http://www.ibm.com/developerworks/linux/library/l-hadoop-1/index.html?ca=dgr-lnxw1HadoopP1dth-LX In this five-part series, you will take a closer look at several new technologies that are part of HTML5, that can have a huge impact on mobile Web application development.
Part 1: Combine HTML5, geolocation APIs, and Web services to create mobile mashups
Part 2: Unlock local storage for mobile Web applications with HTML5
Part 3: Make mobile Web applications work offline with HTML5
Part 4: Using Web Workers to speed up your mobile Web applications
Part 5: Develop new visual UI features in

With the Linux virtual file system switch (VFS), you can create file systems on a variety of devices, from traditional disk, USB flash drives, memory, and other storage devices. You can even embed a file system within the context of another file system. Discover what makes the VFS so powerful, and learn its major interfaces and processes.

Do you know what to do when the performance of your UNIX network and the speed at which you can transfer files or connect to services suddenly comes to a stop? How do you diagnose the issues and work out where in your network the problems lie? This article looks at some quick methods for finding and identifying performance issues and the steps to start resolving them.

Much like a vernacular, the universe of UNIX tools changes almost perpetually. New tools crop up frequently, while others are eternally modernized and adapted to suit emerging best practices. To speak UNIX fluently, you have to keep up with what's new and good.

Linux ordinarily uses Cron to automatically perform routine system maintenance on desktop or laptop computers; however, not running Cron routinely can result in monstrously large log files and other problems. You can offload most or all of your usual daily and longer-interval Cron jobs onto Anacron, enabling your computer to run regular maintenance jobs whenever the computer is powered on, even if those times are unpredictable.

Accelerate your porting efforts by following this six-step guide to porting from Solaris to Linux on POWER. Learn the differences between Solaris and Linux on POWER that you commonly encounter during a port. Also learn about tools for performance analysis and software packaging for Linux on POWER.

Was always a pine fan before I went to Gmail. "Many geeks ditch the heavy graphical or web-based mail clients for a lean, mean solution: mutt. Mutt's a character-based Mail User Agent (MUA) that snaps to your every command.
It also provides powerful features for customization, organizing large volumes of email (especially from mailing lists), and interfacing to other applications." HOW TO: Teach your old Mutt some new tricks

Nice retrospective by computer world. "After batting around some ideas for a new system, Thompson wrote the first version of Unix, which the pair would continue to develop over the next several years with the help of colleagues Doug McIlroy, Joe Ossanna and Rudd Canaday. Some of the principles of Multics were carried over into their new operating system, but the beauty of Unix then (if not now) lay in its less-is-more philosophy." Unix turns 4

Learn how to better integrate scripts with command-line tools. Examine using shell_exec(), exec(), passthru(), and system(); safely passing information to the command line; and safely retrieving information from it.

See how to integrate closely with underlying shell commands and fold any return values into your interfaces and processes.

The battleground has shifted from the Operating System to the hypervisor, and Linux has a clear role to play. One of the most important modern innovations of Linux is its transformation into a hypervisor. Learn about KVM and Lguest and why one of the most important modern innovations of Linux is its transformation into a hypervisor.

The ideas in this article may help you breathe life (and some additional security) into your old machines and make better use of Linux on aging hardware.

A lack of physical memory can severely hamper Linux performance. Learn how to accurately measure the amount of memory your Linux system uses. You also get practical advice on reducing your memory requirements using an Ubuntu system as an example.

This article compares and contrasts some of the innovations of the latest releases of AIX 6.1, Solaris 1, and HP-UX. Learn the differences on how to work with certain tasks, such as networking and performance tuning.
Also, see at a high level some of the virtualization differences among these big three. You decide what you prefer best.

Some nice info in this. "Most of the time, your screen's capabilities should be identified using something called EDID - Extended Display Identification Data. This is a chunk of information sent from your display to your graphics card, and normally contains information such as your screen's model and manufacturer, resolution timings and display size. X then uses this data to create appropriate resolutions and bit depths that make optimal use of your hardware." Modify xorg.conf for better per

As data centers grow in both size and complexity, the ability to manage the configuration of each and every server from a central location becomes increasingly important. Two popular Open Source configuration management solutions exist: cfengine and Puppet. "Puppet is written in Ruby, is easily installed, and as we will see, can be setup and taken live in less than fifteen minutes!" Puppet + subversion in 15 minutes

Android, a complete operating environment based upon the Linux V2.6 kernel, promises to be a market-moving open source platform that will be useful well beyond cell phones. In this article, learn about the Android platform and how it can be used for mobile and nonmobile applications, then build your first Android application. This simple first app you build will get you started quickly, but believe me, you'll want to do more after that.

Why is virtualization so important? The short answer is that virtualization enables businesses to lower their technology Total Cost of Ownership (TCO), while increasing their Return on Investment (ROI). What do the top UNIX vendors have to offer with respect to virtualization? Find out which virtualization is more scalable. Here's a look at HP's Virtual Server Environment (VSE), Sun's xVM, and IBM's PowerVM.

Let the pictures tell the story. This is the next version of Fedora.
Fedora 11 Screenshot Tour

I want an ebook reader like device. But am way too cheap to get anything I have seen on the market. If the Kindle was $15 I think I would be carrying one around. Well if there was more of an electronic version discount for the books at least. "Effectively what [Pixel Qi is] doing is creating a hybrid display that combines the best of E Ink and regular LCDs," says Robert Barry, director of business development for Team Research, a company that makes an e-book reader called the Astak Mentor

"MySQL's clustering storage engine is a unique take on database clustering, unlike Oracle's or Microsoft SQL Server's solutions. As with those, it has its strengths and weaknesses, so you'll of course need to test, test, and test some more before you can decide if the technology is right for your application, and organization. New features that are in development include the ability to add nodes while the cluster is up and running, storing data and index information on disk, and much more.

Who needs GUIs? "Based on ncurses, MOC (music on console) is a popular, text-based audio player which can play various audio formats, including Ogg Vorbis, FLAC, MP3, MP4, WMA and WAV. The release I'm going to talk about in this article is 2.5.-alpha3, as it comes with Debian Lenny." MOC: Text based audio player

Vimscript is a mechanism for reshaping and extending the Vim editor. Scripting allows you to create new tools, simplify common tasks, and even redesign and replace existing editor features. This article introduces the fundamental components of the Vimscript programming language: values, variables, expressions, statements, functions, and commands. These features are demonstrated and explained through a series of simple examples.

I am thinking that this is basically a toy. I may be wrong though may be some good use that it could be put to. It is interesting though. "The only difference is that, unlike Kandor, VirtualBSD is trapped in VMware not in a bottle.
You can't install it directly to your computer as an independent OS at this point. Nor can you run it as a Live CD to get a taste of it without installing anything. VirtualBSD exists solely as a VMware appliance right now." VirtualBSD Review--Inside and Out

For embedded Linux engineers and aficionados, one exciting aspect of cloud computing is the sudden interest in thin Linux clients. Explore cloud computing from a Linux perspective and discover some of the most innovative and popular Linux-based solutions with a particular view toward Linux thin clients and environmentally beneficial options.

While I still like the command line. This is pretty cool. "There are several different ways to make a multi-touch surface, but we'll focus on the one that we employed: the FTIR screen. An FTIR (short for Frustrated Total Internal Reflection) setup involves three vital components: a sheet of transparent acrylic, a chain of infrared LEDs, and a camera with an IR filter. The LEDs are arranged around the outside of the sheet of acrylic so that they shine directly into the thin side surfaces." B

How could you kill an open source product? "Oracle's senior management has expressed its love for Sun Microsystems' software and hardware but warned tough decisions are coming on what people and products stay.
President Charles Phillips and chief corporate architect Edward Screven have committed to keeping Java open and to not killing MySQL. They also mocked the idea Oracle would simply shut down or close off certain technologies and talked tough on Oracle's smarts as a hardware vendor." Or

In this article, learn how to use the open source Clonezilla Live cloning software to convert your physical server to a virtual one. Specifically, see how to perform a physical-to-virtual system migration using an image-based method.

In this article you will learn how Aptana makes it easy to develop applications based on PHP and MySQL, and how to deploy them to the cloud. Also explore some of the critical design differences between a cloud application and a traditional N-tier application.

Michael Widenius aka Monty is the founder and original developer of MySQL. Not that long ago he left his job with Sun. These are his thoughts on the purchase of Sun by Oracle and how it will affect MySQL. "This brings up the question, once again, how can one own an Open Source Project. Patrick Galbraith, summed up his feelings in a recent blog post, , that the "ownership" of Free and open source projects has more to do with who provides the best stewardship of the code, rather than who

This is one I did not see coming. Seems like a much better fit than IBM. But what do I know. The thing I am most wondering about is what is going to be happening with MySQL. "So today we take another step forward in our journey, but along a different path - by announcing that this weekend, our board of directors and I approved the acquisition of Sun Microsystems by the Oracle Corporation for $9.5/share in cash. All members of the board present at the meeting to review the transaction vot

Never have used memcached, but looks straightforward enough. It is interesting to me that there really is no free lunch.
If your database machine is not fast enough and you spread out the load to memcached, you then need a very fast network, and so forth. "A single instance of memcached was run on a SunFire X227 (2 socket Nehalem) with 48GB of memory and an Oplin 1G card. Several external client systems were used to drive load against the server using an internally developed Memcached be

AIX V6.1 has introduced a secure flavor of FTP (and ftpd) based on OpenSSL, using Transport Layer Security (TLS) to encrypt both the command and the data channels of file transfer. This article covers the various aspects of the secure FTP setup, which includes the complete FTP service configuration on the server side, as well as the client side.
13. SANS Internet Storm Center

Infocon: green

Deja-Vu - database attack vector development
Over on the McAfee Avert Labs Blog, analysts Shinsuke Honjo and Geok Meng Ong have posted additional ...

Oracle has posted its advance information for its Critical Patch Update for April 2008, ...

Overview of the April 2008 Microsoft patches and their status. ...

Last month, we discussed the possibility of a D-Link Router worm for consumer network hardware. ...

It appears that Symantec has raised the Threatcon to Level 2 this afternoon. www ...

A couple of months ago my boss asked me to take over the Abuse for our company. Little did I know wh ...

We received an email from one of our faithful readers just a few minutes ago letting us know that t ...
14. bugtraq at insecure.org

