Archive for May 14th, 2008

SecurityBob writes “Debian package maintainers tend to very often alter the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager altered the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turn makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu.” Reader RichiH also points to Debian’s announcement and Ubuntu’s announcement.

Read more of this story at Slashdot.


SkiifGeek, pointing to our recent coverage of what the NSA went through to create SELINUX, wants to know just how effective system hardening is at preventing successful attack, and writes “When Jay Beale presented at DefCon 14, he quoted statistics (PDF link) that Bastille protected against every major threat targeting Red Hat 6, before the threats were known. With simple techniques available for the everyday user which can begin them on the path towards system hardening, just how effective have you found system and network hardening to be? The NSA does have some excellent guides to help harden not only your OS but also your browser and network equipment.”


coondoggie writes to tell us that the Federal Trade Commission (FTC) will be taking a look at contactless payment systems and the consumer protection issue surrounding them. “RFID technology provides obvious benefits, the FTC said. For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective. However, there also may be costs regarding consumers’ individual privacy rights associated with it.”


stevegee58 writes “Tom Ricks’ Inbox in the Sunday Washington Post reported that bootleg DVDs purchased in Iraqi markets (‘souks’) are frequently infected with viruses. Iraqi soldiers were affected as well; electronic interaction between Iraqi and US soldiers frequently resulted in a corresponding exchange of viruses from these infected DVDs.”


Stony Stevenson alerts us to new information on the XP SP3-induced crashes that we discussed a few days back. Jesper Johansson, a former program manager for security policy at Microsoft, is maintaining an ongoing log and support site for users affected by any of several problems triggered by XP3. Machines using AMD hardware, particularly HP desktops, seem to have several modes of failure; others affect Intel machines.


thermian writes “I’ve been developing my open source project for several years now, and I’ve never found a solution to one fairly important issue. How can a small-scale project attract new members? My project is pretty specialist, (no URL, sorry, I can’t afford to get my server nuked) and I find that while it gets a fair bit of use, most users come to my software out of a need to solve their problem, or use my tutorials to learn about the subject, and none seem inclined to stick around and help make the product superior. This is a fairly serious problem for me now, because my software has recently been adopted by a university, and I’m just not in a position to manage the entire set of applications and update everything on my own. Just preparing a version for release to students has been especially hard. The open source maxim ‘Many eyes make all bugs shallow’ only works if those ‘many eyes’ are available. So do you have any suggestions as to how, and where, to find people who fancy joining open source projects?”


Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is stated to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread exploitation: “Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking.”


An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.


cynagh0st writes “A Pew Internet & American Life Project report indicates that of an overwhelming majority of Chinese people that believed the Internet should be ‘managed or controlled,’ 85% want the government to do this managing. This is resulting from surveys on Internet use over the last seven years in China. ‘The survey findings discussed here, drawn from a broad-based sample of urban Chinese Internet users and non-users alike, indicate a degree of comfort and even approval of the notion that the government authorities should control and manage the content available on the World wide web.’ The report goes further into describing the divide in perspective between China and Western Nations on the matter and discusses the PRC’s justifications for Internet control.”
