Explaining the URL-Based Mac OS X Vulnerability (24-May-2004; 7.5K)
Grok Headline matches for Explaining the URL-Based Mac OS X Vulnerability (24-May-2004; 7.5K)
URL-Based Mac OS X Vulnerability Revealed (24-May-2004; 6.4K)
05/24/2004 09:58 PM
Link-based Mac OS X Vulnerability Revealed (18-May-2004; 1.9K)
05/18/2004 12:05 PM
CA unveils subscription-based vulnerability detection service
05/26/2004 04:58 PM Computer Associates' new eTrust Managed Vulnerability Service appears
to be unique in the industry, one analyst said, since it allows
companies to co-manage network vulnerabilities.
Security Update 2004-09-16 Fixes iChat Vulnerability (20-Sep-2004; 1.4K)
09/20/2004 09:00 PM
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/19/2004 02:58 PM Michael Curtis (May 19 2004)
Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/21/2004 01:00 PM Michael Curtis (May 20 2004)
Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/21/2004 06:41 PM Kenneth Peiruza (May 20 2004)
A Lot Of Explaining To Do...
12/22/2004 01:13 AM Dave Winer: At some point Microsoft is going to re-staff the
IE team in response to Firefox. When they do it, how will they explain
the seven years during which they invested nothing in the user
experience of the browser?
Advisory 07/2004: CVS remote vulnerability
05/19/2004 01:33 PM Stefan Esser (May 18 2004)
Explaining my absence
12/30/2003 01:23 AM Welcome loyal readers, as many of you have noticed and emailed about,
I have been out of the normal routine for the past week and a half. I
have been taking time off, due to an illness that currently has...
Re: RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
06/01/2004 05:28 PM Lupe Christoph (Jun 01 2004)
Advisory 11/2004: PHP memory_limit remote vulnerability
07/14/2004 12:03 PM Stefan Esser (Jul 13 2004)
Advisory 12/2004: PHP strip_tags() bypass vulnerability
07/14/2004 12:03 PM Stefan Esser (Jul 13 2004)
RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
06/01/2004 03:27 PM Roman Medina (May 29 2004)
MDKSA-2004:077 - Updated wv packages fix vulnerability
07/30/2004 03:41 PM Mandrake Linux Security Team (Jul 29 2004)
Advisory 08/2004: Subversion remote vulnerability
05/19/2004 01:33 PM Stefan Esser (May 18 2004)
Announcing (and explaining) our new 2.0 licenses
05/25/2004 06:04 PM Last night, after many months of gathering and
processing great feedback from all of you, we
turned on version 2.0 of the main Creative Commons licenses. The 2.0
licenses are very similar to the 1.0 licenses -- in aim, in structure,
and, by and large, in the text itself. We've included, however, a few
key improvements, thanks to your input. A quick list of new features
follows. All section numbers refer to the
Attribution-Noncommercial-ShareAlike 2.0 license. (Corresponding
section numbers may vary across licenses.)
Attribution comes standard
Our web stats indicate that 97-98% of you choose Attribution, so we
decided to drop Attribution as a choice from our license menu -- it's
now standard. This reduces the number of licenses from eleven possible
to six and makes the license selection user interface that much
simpler. Important to remember: Attribution can always be disavowed
upon licensor request, and pseudonymous and anonymous authorship are
always options for a licensor, as before. If we see a huge uprising
against the attribution-as-stock-feature, we'll certainly consider
bringing it back as an option.
Link-back attribution clarified
Version 1.0 licenses did not carry any requirements to add
hyperlinks as attribution. Under the 2.0 licenses, a licensor may
require that licensees, to fulfill their attribution requirement,
provide a link back to the licensor's work. Three conditions must be
satisfied, though, before a licensee faces the linkback requirement:
(1) linking back must be "reasonably practicable" -- you can't string
me up for failing to link to a dead page, for example; (2) the
licensor must specify a URL -- if you don't provide one specifically,
I have no linkback obligation; (3) the link the licensor provides must
point to the copyright and licensing notice of the CC'd work -- in
other words, licensors who abuse the linkback as an engine for traffic
to unrelated sites don't enjoy linkback rights.
Synch rights clarified
The new licenses clarify when licensees may or may not synchronize
musical CC'd works in timed-relation with a moving image. Basically,
if a license allows derivatives, it allows the synching of music to
video. If no derivs, no synching allowed. (See Section 1b.)
Other music-specific rights clarified
The default rules for music-related copyrights can be particularly
complicated, and the 2.0 licenses go to greater length to clarify how
various CC license options affect music rights. In a nutshell: If you
pick the "noncommercial" provision, you retain the right to collect
royalties from BMI, ASCAP, or the equivalent for performance
royalties; from Harry Fox or the equivalent for mechanicals; and from
SoundExchange or the equivalent from webcasting compulsories. If you
allow commercial re-use, you waive the exclusive rights to collect
these various revenue streams. This is not a departure from the policy
embodied in the 1.0 licenses -- these same results would be
extrapolated by any reasonable interpretation. But 2.0 just makes it
all clearer, and using the language of the profession. (See Sections
4e and 4f.) Note: This music-specific language marks the
first time we've referred to any specific statutes in the generic CC
licenses. This means that future iCommons licenses will have to do the
same somewhat complicated mapping exercise for each respective
jurisdiction.
Warranties? Up to licensors
Unlike the 1.0 licenses, the 2.0 licenses include language that
makes clear that licensors disclaim warranties of title,
merchantability, fitness, etc. As readers of this blog know by now,
the decision to drop warranties as a standard feature of the licenses
was a source of much organizational soul-searching and analytical
thinking for us. Ultimately we were swayed by two key factors: (1)
Our peers, most notably, Karl Lenz, Dan Bricklin, and MIT. (2) The
realization that licensors could sell warranties to risk-averse,
high-exposure licensees interested in the due diligence paper trail,
thereby creating a nice CC business model. (See the Prelinger Archive
for a great example of this free/fee, as-is/warranty approach.) You
can find extensive discussion of this issue in previous posts on this
blog. (See Section 5.)
Share Alike Across Borders
Version 2.0 licenses that feature the Share Alike requirement now
clarify that derivatives may be re-published under one of three types
of licenses: (1) the exact same license as the original work; (2) a
later version of the same license as the original work; (3) an
iCommons license that contains the same license elements as the
original work (e.g. BY-SA-NC, as defined in Section 1 of each
license). The version 1.0 licenses required that derivatives be
published under the exact same license only. Our tweak means much
better compatibility across future jurisdiction-specific licenses and
going forward across versions. Less forking, more fun. (See Section
4b.)
Otherwise, Share Alike Means Share Alike
After much very strong and eloquent argument from our readers and
supporters, and notwithstanding the increased flexibility of Share
Alike in the iCommons context, we decided not to make
the BY-NC-SA and plain BY-SA licenses compatible. If you take a work
under BY-NC-SA 2.0 and make something new from it, for example, you
can re-publish under BY-NC-SA Japan, or BY-NC-SA 7.4 (when that
comes), but you cannot republish it under any other license or combine
it with BY-SA content. Similarly, a derivative made from a work under
BY-SA 2.0 may be published only under BY-SA 2.0, BY-SA (iCommons
license), or BY-SA 9.1, but it can't be mixed with BY-NC-SA or other
noncommercial content and republished.
Nifty new Some Rights Reserved button
Check out the button at the bottom of this page. Wouldn't that look
good on your site? Time for an upgrade, cosmetic as well as
legal?
Explaining DDR Memory Bandwidth
07/20/2004 07:57 AM
explaining trackback to journalists
07/02/2004 03:08 PM i'd love to see more newspapers enable trackback on non-blog pages
Explaining the 24-bit Base Registers
04/12/2004 11:13 PM [Herewith an appearance by a guest author, name of John
Fowler; explanation in the coda at the end]. I attended the IBM 360 40yr
Anniversary at the Computer History Museum in Mountain View, California.
I'm on their mailing list and went there for the sole purpose of finding
out: what the heck were they thinking with the use of 24 bit addressing
in base registers that were 32 bits wide?...
Analysis: Microsoft, SCO have a lot more explaining to do
03/08/2004 11:28 PM Whether or not Microsoft is secretly bankrolling the SCO Group for
more than $100 million to attack Linux and the general open source
community through questionable intellectual property lawsuits,
NewsForge has learned that U.S. federal regulators may have begun
investigating the relationship between the two companies -- and may
also be looking closely at a number of other people and companies
connected to them through stock or other business transactions.
I think Sandy Berger has some explaining to do
07/20/2004 03:14 AM Ooops again. Sandy Berger
apnews.myway.com/article/20040720/D83U6TIO0.html
explaining margin of error
08/19/2004 07:18 PM and debunking the myth of a "statistical tie"
Advisory 06/2004: libneon date parsing vulnerability
05/19/2004 01:33 PM Stefan Esser (May 18 2004)
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability
09/16/2004 01:29 PM Mandrake Linux Security Team (Sep 15 2004)
MDKSA-2004:041 - Updated ProFTPD packages fix vulnerability
04/30/2004 07:19 PM Mandrake Linux Security Team (Apr 30 2004)
MDKSA-2004:090 - Updated zlib packages fix DoS vulnerability
09/08/2004 12:58 PM Mandrake Linux Security Team (Sep 07 2004)
MDKSA-2004:004 - Updated slocate packages fix vulnerability
01/24/2004 02:54 PM Mandrake Linux Security Team (Jan 23 2004)
[RLSA_04-2004] QNX crrtrap possible race condition vulnerability
09/13/2004 07:56 PM Julio Cesar Fort (Sep 13 2004)
MDKSA-2004:038 - Updated sysklogd packages fix vulnerability
04/29/2004 01:18 PM Mandrake Linux Security Team (Apr 28 2004)
MDKSA-2004:064 - Updated apache2 packages fix DoS vulnerability
06/30/2004 01:09 PM Mandrake Linux Security Team (Jun 29 2004)
MDKSA-2004:044 - Updated libuser packages fix vulnerability
05/17/2004 07:37 PM Mandrake Linux Security Team (May 17 2004)
MDKSA-2004:003 - Updated kdepim packages fix vulnerability
01/16/2004 10:59 AM Mandrake Linux Security Team (Jan 14 2004)
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability
09/15/2004 03:20 PM Mandrake Linux Security Team (Sep 15 2004)
Advisory 10/2004: Chora CVS/SVN Viewer remote vulnerability
06/14/2004 11:52 AM Stefan Esser (Jun 13 2004)
NetBSD Security Advisory 2004-008: CVS server vulnerability
06/03/2004 04:52 PM NetBSD Security-Officer (Jun 03 2004)
MDKSA-2004:017 - Updated pwlib packages fix vulnerability
03/06/2004 01:52 AM Mandrake Linux Security Team (Mar 03 2004)
MDKSA-2004:040 - Updated libpng packages fix vulnerability
04/30/2004 03:07 PM Mandrake Linux Security Team (Apr 29 2004)
MDKSA-2004:005 - Updated jabber packages fix DoS vulnerability
01/24/2004 02:54 PM Mandrake Linux Security Team (Jan 23 2004)
Grok Description matches for Explaining the URL-Based Mac OS X Vulnerability (24-May-2004; 7.5K)
GrokA matches for Explaining the URL-Based Mac OS X Vulnerability (24-May-2004; 7.5K)
Explaining the URL-Based Mac OS X Vulnerability (24-May-2004; 7.5K)