Posts tagged with: security

So Twitter announced yesterday that they have now enabled optional two-factor authentication. "Great!" you may think, but think again... it seems Twitter has gone their own way and made it a right PITA to use. Ars Technica summarise it nicely...  Continue reading ►

This is a great article showing Solaris Extended Policy on Solaris 11 in response to another Oracle engineer's details on setting up something similar on Linux using AppArmor and SELinux. I love the little dig in the opening paragraph...  Continue reading ►

This article discusses how to enable Trusted Extensions on an Oracle Solaris Cluster 4.1 cluster and configure a labeled-branded Exclusive-IP type of zone cluster.— How to Build a Secure Cluster

If you're running Solaris 11.1, and you happen check your /etc/shadow file, you may notice there's been a change to the flags field (the last one)...  Continue reading ►

Need to secure Solaris 11? Check out the CIS Solaris 11 Benchmark...  Continue reading ►

The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.— Why passwords have never been weaker—and crackers have never been stronger | Ars Technica  Continue reading ►

It's July, so time for Oracle to release a new quarterly Critical Path Update (CPU) advisory - July 2012's is here. If you've come from a Sun background, you should be used to Oracle's CPU release cycle and everything that is involved in it by now. All of that still stands, however as of July 2012, Oracle is now also providing the advisories in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1 spec.  Continue reading ►

I'm part of the Security Certified Group of engineers at Oracle and one of the most common questions that comes up is...  Continue reading ►

Well, it's been a week since I implemented my changes to the tagcloud.swf and I've not encountered any problems. I've also been in touch with MustLive who reported the original XSS and HTML Injection issues I mentioned last week and he believes my changes successfully mitigate the HTML Injection issue.  Continue reading ►

This week an announcement was made on Seclist.org about a XSS and HTML Injection vulnerability in all the plugins that use the original tagcloud.swf from WP-Cumulus (which includes HB-Cumulus).  Continue reading ►