Should have been posted yesterday | Let’s Read the Geek Mail
I’ve been playing some catch-up all morning. Yesterday had a hectic day working on a couple of client requirements. Spent most of the morning today trying to figure out how to install a CAPTCHA feature in one of my sites. If I don’t get sidetracked or I don’t forget, I’ll talk about this very important feature especially if you have a site that allows for registration and other stuff.
Yesterday, I wanted to introduce another section of the site that I plan to do every Thursday, I call it “Geek Mail”. I subscribe to a whole bunch of mailing lists that has something to do with Technology, Security and a whole bunch of other stuff that is essentially the overall theme of this blog. Sometimes I get to read some of them, but most of the time they languish in my mailbox as “clutter”.
So I figured, I post some of them here (at least the intro and the link to the actual article, don’t wanna get dinged on some weird copyright infringement thingamajig)… I see this as having three benefits: (1) it’ll force me to read more, since I’ll try not to post anything that don’t make any sense to me; (2) hopefully some of you will get some valuable nuggets out of these articles; (3) If the links don’t get outdated, it’ll help create my own personal knowledgebase just in case I am researching something, which you can use as well.
A quick disclaimer: Some of the links will require you to subscribe to their newsletter or whatever else they are offering. Please read and use your common sense. I have nothing to do with these people, I am much of a browser of their sites as you are and I am not getting paid on any of this stuff (If ever I am paid for anything I write – you will know). It is for your information and if you find value on the info, it is your job and your responsibility to take the necessary steps to get and properly use the info.
So without further ado, Let’s Read Geek Mail: Read more
Join Me On Facebook
Business Tech Press Releases- tw telecom Awarded South Carolina Contract to Offer State Government Telecommunication Services February 11, 2012
- Vidable Inc. Launches in Test Market February 10, 2012
- HostWire Merges into WRGL February 10, 2012
- Altera Announces Upcoming Schedule of Events With the Financial Community February 10, 2012
- Faruqi & Faruqi, LLP Announces Investigation of Powerwave Technologies, Inc. February 10, 2012
- From the National Vulnerability Database
- CVE-2011-3958 (chrome) February 7, 2012Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]nvd@nist.gov
- CVE-2012-1033 (bind) February 7, 2012The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]nvd@nist.gov
- CVE-2011-3971 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]nvd@nist.gov
- CVE-2011-3954 (chrome) February 7, 2012Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]nvd@nist.gov
- CVE-2011-3970 (chrome, libxslt) February 7, 2012libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]nvd@nist.gov
- CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]nvd@nist.gov
- CVE-2011-3969 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]nvd@nist.gov
- CVE-2011-3956 (chrome) February 7, 2012The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]nvd@nist.gov
- CVE-2011-3968 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]nvd@nist.gov
- CVE-2012-1035 (ada_web_services) February 7, 2012AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]nvd@nist.gov
- CVE-2011-3958 (chrome) February 7, 2012