Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user's system.
Posted by Raven on Friday, January 27, 2012 @ 02:12:23 EST (123 reads) (Read More... | 1191 bytes more | Score: 0)
Major Symantec breach highlights risks of running old software
Summary: Symantec says it has fewer than 50,000 users of pcAnywhere, a remote-access program that has been around for decades. It now says, for safety’s sake, those users should pull the plug. Immediately.
At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.
Posted by Raven on Friday, January 27, 2012 @ 00:51:47 EST (45 reads) ( | Score: 0)
Oracle to issue 78 patches, including 27 for MySQL
Southern writes "Oracle is set on Tuesday to release 78 security fixes for vulnerabilities in its database, middleware and applications, according to a preview announcement posted to the company's website this week.
A full 27 of those are targeted for the MySQL database. One of the vulnerabilities can be exploited over a network without log-in credentials. The highest CVSS (Common Vulnerability Scoring System) Base Score among the MySQL bugs is 5.5, which falls into the system's "medium" risk range.
Two other fixes are for Oracle's database, and Oracle is also planning to ship 11 patches for Fusion Middleware. Five of the bugs in the latter can be remotely exploited with no user authentication required.
Posted by Palbin on Wednesday, January 18, 2012 @ 14:18:17 EST (55 reads) ( | Score: 0)
RavenNuke(tm) Version 2.50.00 Released!
After more than a year since the last release of RavenNuke(tm) (v2.40.01) the RavenNuke(tm) Team is happy to announce the next release of your favorite CMS. There are some major changes, many fixes, enhancements and just too many to list. Be sure to read the Change Log for a list of all of the changes. Also be sure to consult the RNWIKI for additional information and help. There is a separate forum for just RN v2.5 issues. Be sure to ONLY use that forum.
The most important and major change in this release is adding the minimum requirement of PHP v5.2 or newer. You will need to be sure your host has v5.2 or newer installed or some things just won't work.
Posted by Raven on Wednesday, January 18, 2012 @ 01:15:53 EST (309 reads) (Read More... | 1124 bytes more | Score: 0)
What SOPA means for business & innovation (infographic)
Southern writes "Several tech companies and online communities have come out against the Stop Online Piracy Act (SOPA), a recently proposed piece of legislation that many feel will bring unnecessary censorship to the web. But much less attention has been given to how the bill will affect the overall landscape of business and innovation.
The bill, introduced by Rep. Lamar Smith in late October, gives both the U.S. government and copyright holders the authority to seek court orders against websites associated with infringing, pirating and/or counterfeiting intellectual property. So for example, a website that provides a collection of links to sites that illegally stream copyrighted video content could get shut down and taken to court under SOPA, despite the fact that the site isn’t streaming the content itself.
If the government had the sole responsibility of policing websites that violated copyrighted intellectual property, it would be a much different scenario. However, because the copyright holders also get to enforce the law (under SOPA), it allows them to push around anyone who may compete with them under the guise of upholding the law. Giant media companies — music labels, television networks and movie studios in particular — could easily take advantage of this situation.
Posted by Raven on Friday, January 13, 2012 @ 16:28:42 EST (51 reads) ( | Score: 0)
Security mandates aim to shore up shattered SSL system
Southern writes "Too little, too late
A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software.
The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to prevent security breaches that compromise the tangled web of trust that forms the underpinning of the SSL certificate system. Its release follows years of mismanagement by individual certificate authorities permitted to issue credentials that are trusted by web browsers. Most notable is this year's breach of DigiNotar, which led to the issuance of a fraudulent certificate used to snoop on 300,000 Gmail users in Iran.
The four dozen or so members of the CAB Forum still have a way to go, since their requirements are meaningless unless they are mandated by the software makers who place their trust in the authorities.
Posted by Raven on Friday, January 13, 2012 @ 16:27:09 EST (54 reads) ( | Score: 0)
SQL Injection Attacks by Example
Southern writes ""SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.
We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.
There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.
Posted by Raven on Friday, January 13, 2012 @ 16:26:03 EST (59 reads) ( | Score: 0)
Connection Strings Explained
Southern writes "Connection strings can be a bit obscure and is not often defined in a consistent way. This article straighten things out and sheds some light on how connection strings are used to connect an application to a data source.
Introduction
When your application connects to a database or a data file you let ADO or ADO.Net utilize a provider to do the job for you. The connection string contains the information that the provider need to know to be able to establish a connection to the database or the data file.
Because there are different providers and each providers have multiple ways to make a connection there are many different ways to write a connection string. It's like the address when sending a regular mail. Depending on the origin and destination and who is going to make the transport you need to write down the address in different ways.
DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. The vulnerabilities are reported in versions prior to 11.60.
Posted by Raven on Wednesday, December 07, 2011 @ 17:10:48 EST (441 reads) (Read More... | 1717 bytes more | Score: 0)
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
