eWEEK - Kerberos Vulnerability Uncovered - There is a serious weakness in MIT's Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm. The Kerberos development team at MIT said the contents of an unpublished paper with details of this vulnerability have been leaked on the Internet. Using these details, an attacker familiar with Kerberos could easily exploit the vulnerability. 4:17:07 PM
U.S. Army Web servers hacked - Computerworld - Hackers on March 11 infiltrated an undisclosed number of U.S. Army Web servers, taking advantage of a previously undisclosed buffer-overflow vulnerability in a component of Microsoft Corp.'s Windows 2000 that is used to manage the Web Distributed Authoring And Versioning (WebDAV) protocol. So it looks like the newest MS vulnerability first appeared in attacks against military targets. A new front? 4:04:57 PM
MySQL 4 Declared Production-Ready
from the hardly-any-data-loss dept. Simprini writes "After absolute ages of testing MySQL 4.0.x in various versions of BETA through GAMMA it looks like MySQL AB finally released MySQL 4.0.12 as ready for prime-time production use. I know my company has been waiting for a long time for this because our customers absolutely refused to use beta releases of this product. Query caching here we come." [Slashdot] 3:47:46 PM
Local Root Hole in Linux Kernels
from the keep-those-users-down dept. xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch." [Slashdot] 3:45:04 PM
And now, for my next trick. And now, for my next trick: First, "How Appealing" -- with a crucial behind-the-scenes assist from Third Circuit Chief Judge Edward R. Becker -- convinced the Tenth Circuit to list precedential opinions separately from non-precedential opinions on that court's Web site. [How Appealing]
11:54:40 AM
The Register: "IT publisher Wrox Press is set to close following the collapse into liquidation of US owners Peer Information last Friday. Peer Information owns Friends of Ed and Wrox Press, which trades as Glasshaus, Curlingstone, and runs a number of community sites." Sad news beginning to spread. Wrox published some of the better titles on things like PHP, MySQL, and Apache. With any luck someone will pick up the line. 8:59:57 AM
Yahoo! News - Microsoft Warns of Windows Flaw - Microsoft said Monday that it discovered a critical security vulnerability in a component of its Windows 2000 operating system that could enable a remote attacker to gain total control of a machine running Windows 2000 and Microsoft's Internet Information Server Web server. The flaw involves buffer overruns using WebDAV and IIS 5.0. 8:42:47 AM
Migrating to ColdFusion MX Overview by Macromedia; re: ColdFusion. [Macromedia - Designer Developer Center] This is worth knowing. When we migrate we will face a lot of this. 8:32:02 AM