Open source outfit releases vulnerability for IE vulnerability

Grok Headline matches for Open source outfit releases vulnerability for IE vulnerability

Open source outfit releases patch for IE
vulnerability

Open source outfit releases patch for IE
vulnerability 12/19/2003 11:26 AM
What a kind, festive thought...

OSVDB - OPen Source Vulnerability
Database

OSVDB - OPen Source Vulnerability
Database 04/14/2004 06:26 AM
OSVDB - OPen Source Vulnerability Database
http://www.osvdb.org/

OSVDB is an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project will promote greater, more open collaboration between companies and individuals, eliminate redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases. This will be added to Security Resources 2004 Internet MiniGuide.

Re: NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP

Re: NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP 05/11/2004 06:04 PM
Florian Weimer (May 11 2004)

NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP

NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP 04/20/2004 02:16 PM
David Ahmad (Apr 20 2004)

Microsoft releases source code to open
source community

Microsoft releases source code to open
source community 05/05/2004 04:06 AM
About a month ago, Microsoft posted some of its source code to SourceForge. SourceForge is a, if not the, major distribution point for open source software. Microsoft's code was put there under the terms of the Common Public License, which allows modification, addition, redistribution - in short, it allows most of the rights and privileges that we associate with open source software.

TCP vulnerability leaves Internet
backbone open to attack

TCP vulnerability leaves Internet
backbone open to attack 04/20/2004 10:00 PM
A recently-disclosed TCP could leave major Internet routers and other backbone vulnerable to attack. Mitigation won't be easy, as the exploit takes advantage of a TCP design decision.

Vulns: Open WebMail Email Header HTML
Injection Vulnerability

Vulns: Open WebMail Email Header HTML
Injection Vulnerability 07/08/2004 09:02 PM
SecurityFocus Jul 9 2004 0:06AM GMT

Open Source Firm Releases Patch for IE
Bug

Open Source Firm Releases Patch for IE
Bug 12/18/2003 09:53 PM
An anonymous reader writes "An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet ...

BitMover Releases Open Source BitKeeper
Client

BitMover Releases Open Source BitKeeper
Client 03/19/2005 03:08 AM
Slashdot Mar 18 2005 11:53AM GMT

BEA releases open-source WebLogic Java
tool

BEA releases open-source WebLogic Java
tool 05/20/2004 06:56 AM
Computer Weekly May 20 2004 11:18AM GMT

Open source firm releases patch for IE
spoofing flaw

Open source firm releases patch for IE
spoofing flaw 12/19/2003 11:23 AM
An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information. Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back. The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.

Microsoft releases first open source
project with externally-created license

Microsoft releases first open source
project with externally-created license 04/09/2004 04:10 PM
InternetNews.com: "WiX is the first project from Microsoft to be released under the Common Public License, an externally created open source license." Slashdot readers remain skeptical, but I think the world is truly changing....

Open source firm releases patch for IE
spoofing flaw - theage.com.au

Open source firm releases patch for IE
spoofing flaw - theage.com.au 12/20/2003 06:23 AM
Open source firm releases patch for IE spoofing flaw .. released a patch .. esta notcia .. Full Story .. that's

theage.com.au/articles/2003/12/18/1071337072117.html
track this site | 6 links

ActiveState Releases First Professional
IDE for Open Source Programming
Languages on Solaris

ActiveState Releases First Professional
IDE for Open Source Programming
Languages on Solaris 12/08/2003 07:16 PM
Komodo IDE for Perl, PHP, Python, Tcl, + XSLT at SunNetwork Conference

Open-Source Mesh Group Releases
Software, Discusses Social Goals

Open-Source Mesh Group Releases
Software, Discusses Social Goals 04/28/2004 01:03 PM
Champaign-Urbana Community Wireless Network releases first-generation mesh/cloud software, seeks input and development: I spoke with Sascha Meinrath, one of the folks leading the CUWiN project, about the scope of the project, their goals for outside participation, and his recent trip to Amsterdam to meet with a group designing documentation on wireless networks for developing nations. The CUWiN project wants to allow self-forming, noncentralized, mesh-based Wi-Fi networks using standard, old PCs with no configuration. Slightly more advanced units could be ruggedized boxes using Compact Flash, but the basic unit would be a 486 or later PC with a bootable CD-ROM or bootable floppy that bootstraps a CD-ROM. Once booted, a unit finds other similar units without any other configuration or control and forms a mesh. "We've been developing software now since about 2000, and our idea is to build software that is super user friendly, super easy for someone who doesn't understand the nuances of the technology or community wireless networking to set up their own system," said Meinrath. It's an attempt to enable community networking to spread beyond the folks who are self-starters. To test their current software, they put together a bunch of old Pentium 133-based system with off-the-shelf Wi-Fi gear, burned CD-ROMs, booted the boxes and watched the mesh network form within five minutes. However, the current generation of software "won't scale well: there's no route prioritization, and there's this problem of the hidden node problem," he said. (In a hub-and-spoke network, hidden nodes can see the hub not other spokes and can disrupt other network traffic by improperly sending at times when other nodes are transmitting resulting in interference and back-off behavior that reduces network performance. Mesh avoids some hub and spoke problems, but can effectively move the hidden node problem to any mesh point that has some connected nodes that can hear each other and some that cannot.) CUWiN is design a system to prioritize routes among mesh nodes based on MIT Roofnet, and are looking into the Hazy Sighted Link State (HSLS) routing issue. HSLS uses packet economics: more dropped packets in a given route de-emphasizes it shunting more traffic to more successful routes. (Read more about this in CUWiN's FAQ.) The software release by CUWiN of a CD-ROM image containing bootable node software along with the developer's resource (distributed under a BSD license with plans to move to a GPL license) is part of...

Open Source Apps Developer SugarCRM
Releases Sugar.Sales 1.1 (TechWeb)

Open Source Apps Developer SugarCRM
Releases Sugar.Sales 1.1 (TechWeb) 08/14/2004 03:04 AM
TechWeb - News - August 13, 2004

NEW ROUND OF RELEASES EXTENDS MOZILLA
PROJECT'S STANDARDS BASED OPEN SOURCE
OFFERINGS

NEW ROUND OF RELEASES EXTENDS MOZILLA
PROJECT'S STANDARDS BASED OPEN SOURCE
OFFERINGS 02/10/2004 02:50 AM
Mozilla Firebird gets .8 Release, and New Name : Firefox .. Mozilla invites you to play with its newest experiment: .. Mozilla Firebird version 0.8 has being released .. ha cambiado de nombre .. the press release .. Firefox

mozilla.org/press/mozilla-2004-02-09.html
track this site | 8 links

MOZILLA RELOADS FIREFOX: Open source
group releases new preview release of
next generation browser

MOZILLA RELOADS FIREFOX: Open source
group releases new preview release of
next generation browser 06/15/2004 08:26 AM
Mozilla Foundation's press release about Firefox 0.9 .. »MOZILLA RELOADS FIREFOX« .. Mozillan lehdisttiedotteesta

mozilla.org/press/mozilla-2004-06-15.html
track this site | 5 links

NOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits."

NOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits." 02/17/2004 11:57 PM
As per a recent post, I love to see (and hope to one day do it myself) Open Source Software in Non-Profits. Seems http://www.nosi.net found my post: http://thelostolive.net/tlo/comments.php?id=1786_0_1_0_C And commented the release of its new guide "Choosing and Using Open Source Software: A Primer for Nonprofits." And now in their own words: ___snip____ -- From: Katrin Verclas Email: steering (a) nosi.net Hi, Kevin - NOSI actually just released a new...

Open-source activist Bruce Perens joins
open-source defense group

Open-source activist Bruce Perens joins
open-source defense group 05/07/2004 04:33 PM
A key leader in the open-source software movement has been appointed to the board of Open Source Risk Management, which is defending the legal standing of open-source software.

Do You Suffer from Open Source Phobia? -
six reasons you might relent and be
ready for an extreme makeover - OPEN
SOURCE - Magazine - Darwin Magazine

Do You Suffer from Open Source Phobia? -
six reasons you might relent and be
ready for an extreme makeover - OPEN
SOURCE - Magazine - Darwin Magazine 03/08/2004 11:20 PM
http://www.darwinmag.com/read/030104/open.html ASK A GROUP OF corporate IT leaders whether they'd rather stick their arms into a box of tarantulas or allow open source software (OSS) on their networks, and odds are most would start rolling up their sleeves. Not to do any downloading, either.

Slashdot on Open Source Ideas and Open
Source Life

Slashdot on Open Source Ideas and Open
Source Life 06/23/2004 08:27 PM
As Canada protects the patents on genes, Download Aborted wonders whether the genetic code should be considered Open Source. It's slashdotted here. And as atonement for saying something positive about the people at Microsoft — man, you folks are rough! — here's some slashdottism about the anti-Open Source think tanks that Microsoft is funding. (But I still like the Microsofties I've met. So there.)...

Open source process for open source
development

Open source process for open source
development 04/05/2005 11:50 AM

Sun has given every possible indication that Open Solaris will be run as a true open source project. The latest indication is the make-up of the board of directors: Casper Dik, Roy Fielding, Al Hopper, Simon Phipps, and Rich Teer. (via Simon Phipps - congrats Simon!)

Open source opportunity, open source
risk

Open source opportunity, open source
risk 09/22/2004 10:44 AM
I've been traveling more than usual lately, and while on the road I've been working my way through the ITConversations audio archive. It's full of gems, and one of them is Doug Kaye's interview with Philip Greenspun. While discussing the ArsDigita flameout, Greenspun offers insightful perspectives on the opportunity, and the risk, of open source as a business model. ...

KDE Vulnerability

KDE Vulnerability 08/12/2004 06:18 AM

Direct and Related Links for 'KDE Vulnerability'

“Two vulnerabilities have been discovered in KDE, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. 1) Certain directories and files are created insecurely when a user runs a KDE application outside the KDE environment or as another user. This can be exploited via symlink attacks to overwrite or truncate arbitrary files or prevent KDE applications from accessing certain directories. This vulnerability affects KDE 3.2.3…

Vulnerability with XP SP2

Vulnerability with XP SP2 08/18/2004 06:29 AM
Just to bare in mind, Microsoft are dealing with this and are holding off SP2s release on Automatic Update because of it. There's a bug in the implementation of a new security feature; it'd be hard to criticize Microsoft too hard for this problem.

"With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.

Windows Explorer does not update zone information properly when files are overwritten. So it can be tricked to execute files from the internet without warning."

Heise do concede that it would take a fair amount of user interaction for a virus writer to use this vulnerability. However, as they point out, the powers of social engineering and playing on less IT adept people do mean that it's not that in-conceivable it could happen. With Service Pack 2, Microsoft had clearly been hoping for less vulnerabilities, and will no doubt be disappointed with this news.

View: More info @ Heise.de

Read full story...

Php Vulnerability N. 2

Php Vulnerability N. 2 09/16/2004 01:29 PM
Stefano Di Paola (Sep 15 2004)

Re: [USN-52-1] vim vulnerability

Re: [USN-52-1] vim vulnerability 12/25/2004 05:09 PM
Liu Die Yu (Dec 23 2004)

PHP Vulnerability N. 1

PHP Vulnerability N. 1 09/15/2004 03:20 PM
Stefano Di Paola (Sep 15 2004)

802.11 Has DoS Vulnerability

802.11 Has DoS Vulnerability 05/13/2004 08:11 PM
Internet News May 13 2004 11:39PM GMT

[USN-108-1] GDK vulnerability

[USN-108-1] GDK vulnerability 04/06/2005 05:45 PM
Posted by Martin Pitt, Apr 05 2005

IE6 + XP SP2 Vulnerability

IE6 + XP SP2 Vulnerability 09/17/2004 12:37 AM
cns (Sep 15 2004)

Vulnerability in 2.6 and 2.61

Vulnerability in 2.6 and 2.61 03/13/2003 10:15 AM
If you upgraded to 2.6 or 2.61, you need to upgrade immediately to 2.62. There is a security vulnerability in...

[USN-52-1] vim vulnerability

[USN-52-1] vim vulnerability 12/24/2004 12:36 PM
Martin Pitt (Dec 23 2004)

PHP CGI Vulnerability

PHP CGI Vulnerability 02/20/2003 10:46 AM
PHP CGI Vulnerability I don't know how many folks are actually doing php as a CGI but if so ... [17-Feb-2003] The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running affected version of PHP (as CGI) are encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so upgrading from 4.3.0 is safe and painless. [_Go_] I have to commend the php team for NOT including any other changes thereby making it much more likely that affected systems get patched. Good going!

Vulnerability in man < 1.5l

Vulnerability in man < 1.5l 03/13/2003 10:22 AM
Jack Lloyd (Mar 11 2003)

LDU (land down under) xss vulnerability

LDU (land down under) xss vulnerability 05/29/2004 03:25 PM
tim de gier (May 29 2004)

[USN-111-1] Squid vulnerability

[USN-111-1] Squid vulnerability 04/14/2005 10:14 PM
Posted by Martin Pitt, Apr 14 2005

IMWheel Vulnerability

IMWheel Vulnerability 08/27/2004 09:14 PM

Direct and Related Links for 'IMWheel Vulnerability'

“I)ruid has reported a vulnerability in IMWheel, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges or cause a DoS (Denial of Service)….
Grok Description matches for Open source outfit releases vulnerability for IE vulnerability
GrokA matches for Open source outfit releases vulnerability for IE vulnerability

Open source outfit releases vulnerability for IE vulnerability

The following phrases have been identified by the grok system as matching this entry: