November 1st, 2011 by peter.bassill

Caution – Rant within

Cyber

Well the press have gone mad for “Cyber” now. Everywhere is awash with news on massive Cyber attacks being conducted against the UK’s infrastructure and enterprise, but it leaves a burning question in my head; Why are all these systems susceptible to attack? If these systems are that important, air gap that shit. Don’t have it connected to the public Internet in the first place.

Read the rest of this entry »

April 2nd, 2011 by peter.bassill

First update of the weekend, the victim machine has certainly had a very busy night.

Here is the first output form norman:

[ DetectionInfo ]
* Sandbox name: NO_MALWARE
* Signature name: W32/Spybot.CKBU

January 9th, 2010 by peter.bassill

Tuesday will see the usual scheduled release of Oracles patch update’s containing 24 security fixes for its database, application server and other products.

Ten of the patches directly affect the database, and two of the vulnerabilities addressed can be remotely exploited over a network without the need for a username and password, according to Oracle.

Affected database components include Application Express Application Builder, Listener, Data Pump, OLAP, Secure Backup, Spatial and Universal Installer. Both 11g and 10g database releases are affected.

The update also includes three fixes for Oracle’s application server. All three address vulnerabilities that can be exploited without a username or password. They affect the server’s Access Manager Identity Server and Oracle Containers for J2EE components.

Full details of the latest update are available on Oracle’s Web site.