Saturday, March 31, 2012

[SECURITY] [DSA 2398-2] curl regression

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2398-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
March 31, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
Vulnerability : regression
Debian-specific: no
Debian Bug : 658276

cURL is a command-line tool and library for transferring data with URL
syntax. It was discovered that the countermeasures against the
Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,
"BEAST") cause interoperability issues with some server
implementations. This update ads the the CURLOPT_SSL_OPTIONS and
CURLSSLOPT_ALLOW_BEAST options to the library, and the
- --ssl-allow-beast option to the "curl" program.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze2.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPd10cAAoJEL97/wQC1SS+888H/RqIFN6Ar1dMC5s/cqkKw6lv
s1TBltSE8pKe3oR3zS+z4RBKNG0RdxElON2Z9AlhqZM2XF9ZDf0jUKIBdrrdiSgm
tfh5pMH5rfMJrF3VODnXRZqzGm7zWlzZD2Q7H47OMwxgD5qd87ucuB3tWgc04xjv
scH/TbxW2AUoP68KB8POQiFN+TJc0m8WFyQIUiDx3eXw2Mx7qEVO0fWm2tLsDQFF
KoZ8cPS1aC3/S2nN3JfCOWZZ/X+i6kibASNZLxAAzEcPT/6heWNk8t+CeQdulXrD
1ZAcUj7A2+HMCHBaC1JNySL36eacs5A0l/HIouR+1M/jd/tnZKMZlv0gTb6h0FE=
=Oun5
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/877gy0blwu.fsf@mid.deneb.enyo.de

Cloud Daily News

Latest News Mar 31, 2012

Taking the Middle Road: The Need for Hybrid Clouds

Taking the Middle Road: The Need for Hybrid Clouds Hybrid cloud involves the use of public cloud and private cloud architectures working together. The key here is "working together", instead of having two silos of inoperable clouds. In theory, it combines the best of both the worlds, though in practice it is hard not to [...] ...

Read more... Twitter Facebook Linkedin

Cloud Infographic: What Type Of Cloud Hosting Do You Require?

Cloud Infographic: What Type Of Cloud Hosting Do You Require? Source: VandelayDesign Tags: Cloud, Cloud Hosting, graph, hosting service, hosting services, illustration, Infograph, Infographic, IT ...

Read more... Twitter Facebook Linkedin

Whitepaper: Reaping New Value from Existing ECM Solutions with the Cloud

Reaping New Value from Existing ECM Solutions with the Cloud For many organizations, enterprise content management has been an unrealized dream and the source of technological and budgetary challenges. Most large companies have invested millions in ECM solutions, but many are less than satisfied with their results. Even those that are happy with their deployments typically see them used by only [...] ...

Read more... Twitter Facebook Linkedin

Featured Free Resource

Ten Things You Should Know About SharePoint 2010

Examine the new features and requirements of SharePoint 2010 to help you deploy it in your organization.

Cloud Computing: Leading From The Front – Part 1

Cloud Computing: Leading From The Front – Part 1 Cloud computing is not just a trend. It is changing the way IT organizations drive business value. In a short span of time, cloud computing has changed the way in which businesses and individuals consume computing resources. Cloud signifies a fundamental shift from a traditional model [...] ...

Read more... Twitter Facebook Linkedin

Food, Water, Shelter, Cloud: The New Essential For Budding Entrepreneurs

Food, Water, Shelter, Cloud: The New Essential for Budding Entrepreneurs Thanks to cloud computing, entrepreneurship has never seemed so inviting. The cloud instinctively sizes itself to the needs of a business, eradicating overspending. In addition, its ease of access and zero expenditure on capital significantly simplify launch time. Even Forbes is proclaiming cloud computing’s advantages [...] ...

Read more... Twitter Facebook Linkedin

ScaleXtreme: Server Automation From The Cloud

ScaleXtreme: Server automation from the Cloud As one of the major Cloud Computing startups to watch for the past few years now, ScaleXtreme offers server automation for both private and public clouds and datacenters. Utilizing their API users can build, deploy, monitor and manage server automation, particular those involving system generation and ongoing server system management. [...] ...

Read more... Twitter Facebook Linkedin

Featured Free Resource

Top 5 New Features of vSphere 5

The author of this Top 5 list of new features of vSphere 5 uses discussions, examples, and diagrams to explain vSphere Storage Appliance (VSA), Policy-driven Storage, High Availability, vCenter VA (Linux), and ESXi Host Deployment (Image Builder and Auto Deploy).

The Lighter Side Of The Cloud – Disorganized
The Lighter Side Of The Cloud – Disorganized By David Fletcher Review our collection Tags: best cloud cartoon, Cloud, Cloud Computing, comic, Computing, humor, IT, the cloud ...

Read more... Twitter Facebook Linkedin

Creating Your Cloud Based Backup And Data Recovery Strategy
Creating your Cloud based Backup and Data Recovery strategy Data backups form an important part of an enterprise’s Disaster Recovery/Business Continuity planning (DR/BC). Traditionally the data was stored on tapes and physical media, at an off-site location, to mitigate the effect of the disaster. Saving the data on-site would have negated the benefit of having [...] ...

Read more... Twitter Facebook Linkedin

What Prompted Sony's Move from Amazon to Rackspace?
What Prompted Sony's Move from Amazon to Rackspace? From HP's announcement to invade its territory (See: HP Seeks to Give Amazon Competition with a New Public Cloud Service) to the loss of a big client, Amazon Web Services (AWS) is facing multiple challenges to its hegemony. While HP's move may still be some weeks away, [...] ...

Read more... Twitter Facebook Linkedin

You are receiving this newsletter because you opted-in to receive relevant communications from CloudTweaks Media. If you would like to manage your newsletter preferences or if you no longer wish to receive this newsletter, please click here.

CloudTweaks Media, 925 Boulevard de Maisonneuve Ouest
Contact: reply@cloudtweaks.com

[SECURITY] [DSA 2442-2] openarena regression

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2442-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
March 31, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openarena
Vulnerability : UDP traffic amplification
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-5077

The openarena update DSA-2442-1 introduced a regression in which
servers would cease to respond to status requests after an uptime of
several weeks.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.5-5+squeeze3.

We recommend that you upgrade your openarena packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPdu15AAoJEL97/wQC1SS+EO4H/A3AE3MYGS+Mc17upIftsSdi
nbIE94RVAeSUz2p6I15jqqzOnC67Gp1xmeGniSeF6JIk+/J5aUqqrQnGid6k2vgc
OEEs8M+c8ce0ivBcf6J+t3IByF4vKAAkW8yd/isad/dcydzYx25IBDZL3ADhCWxg
eyPdTTm6Ey2D1mQvfq+hXhF5TvWMThGJU7FkajaYTyfXWh4rLbFZaOfJIEUA+7La
kIIuVpYHlwCfaRimjZtI1nDeXoQ9nX3+0HUpkCAMh6LK0b4qqM6hHT3DNqrwM/SU
uds+nuw0mi8R+IDlupIAAFn0nlVgwkG8+QaRCBDwq3DvY+sHM5df5UV7SrkCBKc=
=hKMs
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87hax5c7xr.fsf@mid.deneb.enyo.de

[SECURITY] [DSA 2445-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2445-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
March 31, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1606 CVE-2012-1607 CVE-2012-1608

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework:

CVE-2012-1606
Failing to properly HTML-encode user input in several places,
the TYPO3 backend is susceptible to Cross-Site Scripting. A
valid backend user is required to exploit these
vulnerabilities.

CVE-2012-1607
Accessing a CLI Script directly with a browser may disclose
the database name used for the TYPO3 installation.

CVE-2012-1608
By not removing non printable characters, the API method
t3lib_div::RemoveXSS() fails to filter specially crafted HTML
injections, thus is susceptible to Cross-Site Scripting.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze3.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 4.5.14+dfsg1-1.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPduYCAAoJEL97/wQC1SS+pQ4H/i/60HkUmm3wyur55Xvn6kCo
3A/idLzJTfSYvoE5V6KPxM5A23IGIermN9qiNO5nHHcRtRJkbFafZHtcoQZwBm1Z
Ryjx+gSt8s7C3WJKEDy76tHgcdhtSL9l3VMdTAMBv6ZVT1ts5WKUnoHFCu10yLQh
/EcuNctElQz6chub6yrTIgOViLwY+RTLYY9SlhE3rt6j2mpGyBZn2IK+QCIbpGBN
UCT0O7w1i4Jn5gYoxQuArM0+fy+ej/1r91O50DiCnXbp11xQxFHcK28QxVIQhYDi
B09MrGZdjxvLY+G3l0D4A1z+83bySa8R+qSHsMy8Q6m46ipk0LyOpjB17RdqnbI=
=dWxS
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87wr61c9d0.fsf@mid.deneb.enyo.de

Friday, March 30, 2012

cfp:Computer Science & Engieering Conferences & Journals

**** Call for Papers ****
 
 
 
International workshop on Software Engineering and Applications
(SEA-2012)

Venue : The Connaught Hotel, May 26 ~ 27, 2012, Delhi, India.

 
International workshop on Cloud Computing: Services and Architecture (Cloud-2012)
Venue : The Connaught Hotel, May 26 ~ 27, 2012, Delhi, India.
 
International Workshop on Data Mining & Knowledge Management Process
(DKMP-2012)
Venue : The Connaught Hotel, May 26 ~ 27, 2012, Delhi, India.
 
First International workshop on Embedded Systems and Applications
(EMSA-2012)
Venue : The Connaught Hotel, May 26 ~ 27, 2012, Delhi, India.
 
Important Dates:
 
Submission deadline      :    05 April, 2012   
Acceptance notification:     05 May, 2012
Final manuscript due      :   10 May, 2012
 
 
International Journal of Information Technology Convergence and Services (IJITCS)
ISSN : 2231 - 153X (Online) ; 2231 - 1939 (Print)
 
Important Dates:
 
Submission deadline      :    31 March, 2012   
Acceptance notification:     20 April, 2012
Final manuscript due      :   25 April, 2012
 
 
Computer Science & Engineering: An International Journal (CSEIJ)
ISSN : 2231 - 329X (Online) ; 2231 - 3583 (Print)
 
International Journal of Advanced Information Technology (IJAIT)
ISSN : 2231 - 1548 [Online] ; 2231 - 1920 [Print]
 
 
 
Important Dates:
 
Submission deadline      :    10 April, 2012   
Acceptance notification:     05 May, 2012
Final manuscript due      :   08 May, 2012
 

Dissecting Cisco's FabricPath Ethernet technology

  Massive payments data breach originating with Central American gang through NYC garage? | Inside Google's London Campus, an incubator for tech startups
 
  Network World Daily News PM

Forward this to a Friend >>>


Dissecting Cisco's FabricPath Ethernet technology
Cisco's FabricPath data center Ethernet technology is designed to combine traditional, Spanning Tree-based Ethernet with a next-generation architecture that uses a link-state protocol to allow for multiple active paths. Deploying multiple active paths in a data center network is required to flatten the infrastructure to reduce latency and better support traffic flow between server racks. Read More


RESOURCE COMPLIMENTS OF: Rocky Mountain IPv6 Task Force

2012 North American IPv6 Summit
Become a certified IPv6 Engineer! Nephos6, in collaboration with the IPv6 Forum is hosting IPv6 certification testing. 2012 NA IPv6 Summit attendees can test for IPv6 certification during the conference. Save $50 off conference registration with this code: SPON700. Register Now

WEBCAST: Wildpackets

Distributed Network Analysis for Distributed Applications
Corporate computing has crossed the threshold to highly distributed -- whether your organization has 50 or 50,000 employees. It's imperative that you distribute your network analysis capabilities. Learn technologies and approaches to best deal with today's highly distributed network applications View Now

Massive payments data breach originating with Central American gang through NYC garage?
Both Visa and MasterCard Friday are acknowledging a possible data breach of a payment-card processing company network that, once an investigation is completed, could show that sensitive data from cardholders was stolen and payment fraud committed due to the break-in. Read More

Inside Google's London Campus, an incubator for tech startups
A look at Google's new 7-floor co-working fortress in London Read More

Windows 8 Update: Back up Windows Server 8 to the cloud
Microsoft is offering free tests of online backup for Windows Server 8 via its Azure cloud storage service, which could be a convenient way to protect data without having to spend a lot of time designing and cash outlay deploying private backup. Read More


WHITE PAPER: Silver Peak Systems, Inc.

Optimizing Offsite Disaster Recovery with Virtual WAN Op
Learn why one of the world's largest media companies chose Silver Peak virtual WAN Optimization for their cross country replication challenges including an on-demand media database requiring 7 x24 access. Complicating the challenge was a lack of space in the state-of-the-art data center for additional physical hardware. No problem. Learn more.

New IBM CEO in middle of Masters golf controversy
Two long-standing traditions at Augusta National Golf Club are on a collision course just a week before the institution's biggest event of the year. The host of the Masters, one of professional golf's most prestigious competitions, has never admitted a female member -- but the club's partnership with IBM has historically meant that the CEO of that company is offered one of the iconic green membership jackets. Read More

Ukraine shuts down forum for malware writers
Ukrainian authorities have shut down a long-running forum that was used to trade tips on writing malicious software, a sign the country's law enforcement may be watching hackers more closely. Read More

Intel plans 'superchip' for high-performance computing
Intel this week said it was investing in the development of a "superchip" for high-performance computing systems that the company hopes will raise its supercomputing profile. Read More


WHITE PAPER: PhoneFactor

5 Critical Considerations Before Renewing Security Tokens
As the threat landscape and needs of your users rapidly change, technology must also quickly evolve. This paper addresses five critical factors all IT buyers should consider before renewing or extending their security token implementation so they don't make a vital mistake by overpaying for outdated authentication technology. Learn More

BlackHole exploit targets Java bug through browser-based attacks
A powerful new exploit has been identified in the wild that could turn PCs running outdated versions of Java into bots for spam or DDoS attacks, or even loot them for sensitive information. Read More

Social media helps make indelible mark on lifesaving cause
Because we live in a world where social media permeates daily life, Annie Rose Ramos - or at least her tattooed back -- may soon become a symbol for a global lifesaving cause that will get a round of deserved attention as a result. First the picture, which has viral written on it as clearly as "half the sky": Nicholas Kristof of the New York Times explains on Google+: Read More

Cloud Value Must Extend Past Cost Savings
Yesterday I took some time out of my Enterprise Connect schedule and headed to New York to participate in a cloud event held by Navisite, a leading provider of cloud services. The theme of the event was "Cloud: Beyond ROI," which I thought was a good topic of conversation for anyone considering the cloud. Read More

The Byte - RIM revenue, Android tablets, Dell smartphones, OnStar Family Link
Research in Motion's fourth quarter revenue plummeted 25 percent as it struggles to stay relevant.Google will open an online store where it will market and sell tablets directly to consumers, according to the Wall Street Journal. Read More

 
 
 

SLIDESHOWS

20 iPad business apps every CIO should want
iPad apps for sales forces, IT departments and more.

JOIN THE NETWORK WORLD COMMUNITIES
As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity). Network World on Facebook Network World on LinkedIn

MOST-READ STORIES

  1. Uncle Sam wants to hack foreign video consoles and scrape gamers' data
  2. Cisco forces manufacturer's hand; adopts Microsoft Lync
  3. 10 fun (and safe) ways to pretend to be a hacker
  4. How open source powers a Battlestar Galactica-inspired flight simulator
  5. Dissecting Cisco's FabricPath Ethernet technology
  6. IETF attendees reengineer their hotel's Wi-Fi network
  7. AOL unplugs 10,0000 servers, saves $5 million
  8. Google says 'Go' to new programming language
  9. Threat of a bullet in the face keeping cybercrooks cautious
  10. Critical milestones in Cisco history
 

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **