Source: SNP
Sony Corp., the second-largest consumer-electronics maker, said it has identified a security- related software flaw in almost a million of its Vaio computers. The flaw, which is contained in software on some Vaio models sold in Japan, North Asia, excluding China, South Asia, Oceania, the Middle East and South Africa, may result in data being lost, the company said in a faxed news release.
Source: Linux Magazine
Network Management is one of those things that Big Companies do. It's a task often associated with hardware and software that costs six figures and requires lots of special training and experience to operate properly.
Source: ZDNet
Are we winning the battle against computer viruses and security threats, or getting swamped by an epidemic?
Although corporations and individuals are taking more measures to inoculate against computer viruses and online vandals, security experts disagree over whether they're stemming the tide or simply keeping heads above water in the face of a growing number of hackers and ever more virulent code.
Source: SentryLabs
This advisory is provided by www.sentry-labs.com. The Inclusion Bug Allows a Remote User to Specify and Execute Remotely Stored PHP Scripts on the PHP-Nuke Server (yet again). The first index.php issue discovered by Nopman (bid 3889) was patched quiete after it was reported, but the patch is still vulnerable to a similar kind of attack.
Vendor Status:
Source: Wired
Choicepoint, a database firm that sells information about individuals and companies to clients, including the FBI and insurance firms, left an internal corporate database viewable to anyone with a Web browser, the company confirmed.
Source: Zero Security
Vulnerable systems:
Perl2exe version 5.03
Background:
Perl2Exe is a command line program for converting perl scripts to exe files. This allows you to create stand alone programs in perl that do not require the perl interpreter. You can ship the exe file without having to ship your perl source code.
What does the tool do?
The tool is able to extract the plain text version of the encrypted perl script.
