Source: InfoWorld
WEB SERVICES ARE primed to be the next big development for Internet-based applications and transactions. As with any new technology, security eventually surfaces in the discussion -- and Web services is no different. After all, the aim of Web services, which is to seamlessly integrate systems and applications that communicate over a network, will often allow access to sensitive information by unknown parties.
With the continuing revelations of alleged data destruction and obstruction of justice in the Arthur Anderson/Enron debacle, digital forensics, long the purview of law enforcement and intelligence agencies, is now common fodder on the nightly news.
In this highly accessible interview, leading US security researcher Dr. Eugene Spafford talks about the infosec threat landscape; privacy; the challenges of digital certificates, CRLs, public key infrastructure standards and interoperability; key escrow, backup and recovery; identity fraud; trust on the Internet; and the problems of security education today. It's a good read and gives great insights into the mind of one of the leading infosec thinkers (and US government security advisors) of our time.
Source: SecurityFocus
Handle Nopman wrote to BugTraq to explain the latest MAJOR vulerability found in PHPNuke, the popular web portal software and close relative of the derivative software PostNuke. He states " I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code.
Over at http://victim.cylant.com/ there's a new CylantSecure challenge going on. I participated in their last challenge in the summer of 2001 and had alot of fun. This time the prize money is $5000. More information about the challenge and their product can be found at the above address.
Source: SNP
The Computer Emergency Response Team (CERT) at Carnegie Mellon University recently released its 2001 CERT Coordination Center statistics (www.cert.org/stats/cert_stats.html). Both the number of security incidents and reported vulnerabilities more than doubled and begs the question, "What's in store for this year?"
Source: SNP
L33tdawg: Click here to visit the Oracle Security Briefing Center.
I just took a cruise over to the Oracle Security Briefing Center to see what they have posted concerning Oracle's efforts to ensure that their database is "UNBREAKABLE". They have available for download and viewing all of the following presentations and product briefings:
Source: CNet News
Online vandals are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said Tuesday.
Researchers witnessed the attack when one intruder broke into a Solaris server under intense observation as part of the Honeynet Project, an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks.
