phpBB3 takes giant strides from predecessor
,----[ Quote ]
| Computerworld Australia catches up with some key players behind the software:
| Henry Sudhof, Adam Reyher and Meik Sievertsen. They discuss the development
| process they use, the latest phpBB release and what they are doing to address
| the growing wave of spam and security threats.
`----
http://www.linuxworld.com.au/index.php/id;1937016361;fp;4;fpid;4
Developer Spotlight: Hitting the Seam with Gavin King
,----[ Quote ]
| Gavin King is the founder of Hibernate and JBoss Seam, open source projects
| that attempt to make life as an enterprise Java developer easier.
|
| We sat down with Gavin to discuss enterprise Java, open source and other
| tidbits related to Java.
`----
http://www.builderau.com.au/program/java/soa/Developer-Spotlight-Hitting-the-Seam-with-Gavin-King/0,339024620,339285612,00.htm
Q&A: Mozilla security chief outlines plan to protect Firefox users
,----[ Quote ]
| One of the things most difficult about browser security is that all browsers
| are designed to take content from an unknown site, and some of that content
| is going to be executable. Whether it's a Java applet or a Java script or
| ActiveX control, it's executing on a user's browser. You're enabling these
| robust applications on the Internet, this rich Web experience, while keeping
| the user and the machine safe. That's a pretty difficult thing for all of us
| to do. Software exists to support some function that enables a user or
| business. It's not for security to dictate to what the user should do. That's
| not how it should work.
`----
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=16&articleId=9060862&intsrc=hm_topic
She recently slammed her former employer (Microsoft). See below. But why does
she mention ActiveHacks controls? That's a Windows-only suicide.
Related:
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535