Posted on Friday, January 27, 2012 @ 01:12:23 CST in Security by Raven
SECUNIA ADVISORY ID: SA47694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47694/
RELEASE DATE: 2012-01-24
CRITICALITY: Highly Critical
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user's system.
|
Posted on Thursday, January 26, 2012 @ 23:51:47 CST in Security by Raven
By Ed Bott | January 25, 2012, 4:56pm PST
Summary: Symantec says it has fewer than 50,000 users of pcAnywhere, a remote-access program that has been around for decades. It now says, for safety’s sake, those users should pull the plug. Immediately.
At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.
|
Posted on Wednesday, January 18, 2012 @ 13:18:17 CST in MySQL by Admin
Southern writes: Oracle is set on Tuesday to release 78 security fixes for vulnerabilities in its database, middleware and applications, according to a preview announcement posted to the company's website this week.
A full 27 of those are targeted for the MySQL database. One of the vulnerabilities can be exploited over a network without log-in credentials. The highest CVSS (Common Vulnerability Scoring System) Base Score among the MySQL bugs is 5.5, which falls into the system's "medium" risk range.
Two other fixes are for Oracle's database, and Oracle is also planning to ship 11 patches for Fusion Middleware. Five of the bugs in the latter can be remotely exploited with no user authentication required.
more: ITWorld
|
Posted on Wednesday, January 18, 2012 @ 00:15:53 CST in RavenNuke by Raven
More than a year after the last release of RavenNuke(tm) (v2.40.01), the RavenNuke(tm) Team is happy to announce the next release of your favorite CMS. There are some major changes, many fixes and enhancements, just too many to list. Be sure to read the Change Log for a list of all of the changes. Also be sure to consult the RNWIKI for additional information and help. There is a separate forum for just RN v2.5 issues. Be sure to ONLY use that forum.
The most important and major change in this release is adding the minimum requirement of PHP v5.2 or newer. You will need to be sure your host has v5.2 or newer installed or some things just won't work.
|
Posted on Friday, January 13, 2012 @ 15:28:42 CST in Internet by Raven
Southern writes: Several tech companies and online communities have come out against the Stop Online Piracy Act (SOPA), a recently proposed piece of legislation that many feel will bring unnecessary censorship to the web. But much less attention has been given to how the bill will affect the overall landscape of business and innovation.
The bill, introduced by Rep. Lamar Smith in late October, gives both the U.S. government and copyright holders the authority to seek court orders against websites associated with infringing, pirating and/or counterfeiting intellectual property. So for example, a website that provides a collection of links to sites that illegally stream copyrighted video content could get shut down and taken to court under SOPA, despite the fact that the site isn’t streaming the content itself.
If the government had the sole responsibility of policing websites that violated copyrighted intellectual property, it would be a much different scenario. However, because the copyright holders also get to enforce the law (under SOPA), it allows them to push around anyone who may compete with them under the guise of upholding the law. Giant media companies — music labels, television networks and movie studios in particular — could easily take advantage of this situation.
more: Venture Beat
|
Posted on Friday, January 13, 2012 @ 15:27:09 CST in Security by Raven
Southern writes: Too little, too late
A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software.
The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to prevent security breaches that compromise the tangled web of trust that forms the underpinning of the SSL certificate system. Its release follows years of mismanagement by individual certificate authorities permitted to issue credentials that are trusted by web browsers. Most notable is this year's breach of DigiNotar, which led to the issuance of a fraudulent certificate used to snoop on 300,000 Gmail users in Iran.
The four dozen or so members of the CAB Forum still have a way to go, since their requirements are meaningless unless they are mandated by the software makers who place their trust in the authorities.
more: Packet Storm Security
|