Security Token Offering (STO) statistics

A security token offering (STO) is a type of fundraising in which a company offers tokenized securities. The defining feature of security token offerings is in the name: the tokens are securities. Stocks, bonds and managed property trusts are other examples of securities.


Fetching artifact programmatically through REST/API in Nexus 3.x

There are many cases where it is desirable to pull down an artifact from Sonatype #Nexus using the REST API; unfortunately the #Nexus 3.x REST API is still under development…

Some use cases in Nexus 2.x:

  • You have a script that uses a #REST call to pull down the LATEST Maven artifacts from Nexus every night and deploys them.
  • You make extensive use of the #REST API in all your Puppet modules.
  • You use the #Atlassian #Puppet module for Nexus for creating repositories and groups, assigning repositories to groups, and updating the main config settings (proxy, email, realms and so on). The Puppet module is simply a wrapper over the Nexus REST API and essentially lets you import those abstractions into #Puppet config management.

Here is one possible workaround that does not use any REST API:

mvn org.apache.maven.plugins:maven-dependency-plugin:3.0.1:copy -Dartifact=log4j:log4j:1.2.17:jar -DoutputDirectory=./

which is equivalent to this gist: https://gist.github.com/cedricwalter/e7739aab3d370ef83f1a13b8322e50be.js
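Where a plain HTTP fetch is preferred over the Maven plugin, the Maven2 repository layout that Nexus serves is predictable, so a deploy script can compute the artifact URL from the same coordinate it would pass to -Dartifact and check the download against the .sha1 sidecar. This is an added example, not code from the original post; the Nexus host and repository name are assumptions.

```python
import hashlib
import hmac
import re
from typing import NamedTuple, Optional

# Hypothetical Nexus 3 Maven2 repository base URL (assumption, not from the original post).
NEXUS_REPO_URL = "https://nexus.example.com/repository/maven-public"


class Coordinate(NamedTuple):
    group_id: str
    artifact_id: str
    version: str
    packaging: str = "jar"
    classifier: Optional[str] = None


def parse_coordinate(spec: str) -> Coordinate:
    """Parse groupId:artifactId:version[:packaging[:classifier]] (the -Dartifact syntax)."""
    parts = spec.split(":")
    if not 3 <= len(parts) <= 5 or not all(parts):
        raise ValueError(f"bad coordinate: {spec!r}")
    # Coordinates usually come from a script or config file; refuse anything that could
    # escape the repository layout when the path is built below.
    if any("/" in p or "\\" in p or p in (".", "..") for p in parts):
        raise ValueError(f"unsafe coordinate component in {spec!r}")
    return Coordinate(*parts)


def repository_path(c: Coordinate) -> str:
    """Maven2 layout: group dots become directories; file is artifactId-version[-classifier].packaging."""
    name = f"{c.artifact_id}-{c.version}" + (f"-{c.classifier}" if c.classifier else "")
    return f"{c.group_id.replace('.', '/')}/{c.artifact_id}/{c.version}/{name}.{c.packaging}"


def artifact_urls(spec: str) -> tuple[str, str]:
    """URLs of the artifact and of the .sha1 sidecar Maven repositories publish next to every file."""
    path = repository_path(parse_coordinate(spec))
    return f"{NEXUS_REPO_URL}/{path}", f"{NEXUS_REPO_URL}/{path}.sha1"


def verify_sha1(data: bytes, sidecar: str) -> bool:
    """Check downloaded bytes against the sidecar, which may be bare hex or 'hex  filename'."""
    fields = sidecar.strip().split()
    if not fields or not re.fullmatch(r"[0-9a-fA-F]{40}", fields[0]):
        raise ValueError("malformed .sha1 sidecar")
    return hmac.compare_digest(hashlib.sha1(data).hexdigest(), fields[0].lower())


if __name__ == "__main__":
    jar_url, sha1_url = artifact_urls("log4j:log4j:1.2.17:jar")
    print(jar_url)  # .../maven-public/log4j/log4j/1.2.17/log4j-1.2.17.jar
    # Constructed stand-in for a download and its sidecar (sha1("abc")); real use fetches both URLs.
    print(verify_sha1(b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d  log4j-1.2.17.jar"))
```

The sidecar is served by the same repository, so this catches a corrupted or truncated download, not a compromised repository; for that, pin the expected hash in the deploy script itself.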

1.0.6 yesterday and 1.0.7 today!

Joomla! 1.0.7 [Sunburst] is now available as of Sunday 15 January 2006 21:00 UTC for download here. 1.0.7 is essentially 1.0.6 repackaged to fix one major bug in 1.0.6, so it should still be considered a Security Release. It contains nine (9) `Low Level` security fixes and seventy (70) plus minor/non-critical bug fixes.
I’ve looked at the code; it contains small patches in all files, and in 2 places I’ve found code supposed to protect #Joomla against spoofing attacks:

A spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another. There are tools (Windows, Linux) and EVEN a Firefox extension, Refspoof, available at http://refspoof.mozdev.org/

WMF windows vulnerability still unpatched

Microsoft has proven one more time that even if you have a lot of money and a lot of talented programmers, it is impossible to improve security in an existing huge codebase like Windows….

Trustworthy Computing
This is a first: the Internet Storm Center is recommending trustworthy computing. They want you to trust that the unofficial patch for the Windows Metafile Vulnerability that is currently being exploited by an IM worm. No patch from Microsoft at this time, and the exploit is arranged in such a manner that it cannot be detected by most intrusion detection systems (the snort rule will peg the CPU on your router) nor filtered by packet-inspecting firewalls (it spans two or more ethernet frames). Not really a whole lot of choice about this one.

read more at http://isc.sans.org

Someone has posted this (see below) on Slashdot; it explains clearly how you can get hacked…

It’s probably a hard problem to patch. From what I’ve gathered, this is a feature of WMFs, not a bug. They were designed before people even knew what the Internet was. WMFs, apparently, have the ability to specify code to be run on a failure to render. So the bad guys give you a bad WMF file, cleverly renamed as JPG, and stick it in an ad banner. You browse a site (with any browser), Windows fails to render the WMF (which it will recognize even if the filename says JPG), runs the specified failure code, and you’re hacked. That fast.

Changing code that’s this deeply buried in Windows is risky. The interpreter for WMF is one of the remnants of code left over from single-user computers, and they’ll have to test changes very thoroughly. They’re GOING to break things with this patch, because they’re removing a designed-in feature. They’re probably working feverishly to figure out how to minimize the damage, but some damage is inevitable. And the problem could be far worse than it appears; that DLL could be riddled with problems. It may not have been audited in many years.

This is yet another example of how you can’t retrofit security; the first Windows versions were designed when security wasn’t even an issue, when the Internet was barely a twinkle in Al Gore’s eye. There’s a mountain of code that was written just to work, not to worry about being handed malicious data. If a user passed bad values to a system call and it crashed, oh well. It was their fault for doing it. It’s not like they had anything to gain from it, after all. They owned the computer. Why on earth would the computer need to protect itself from its owner?

With the advent of the Net, Microsoft decided to both stay backward-compatible and extend what they had onto the Internet. And their focus for many years was on new features, not security. Essentially every security person at the time warned them — stridently — against the choices they were making. It was obviously going to be a trainwreck. This is just the latest in that ongoing collision between a single-user operating system and exposure to every computer in the world.
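The quoted post makes the defender's point for us: the renderer identifies a WMF by its bytes, not by the .jpg name it was given, so anything that accepts or forwards images (an ad pipeline, an upload handler, a mail gateway) has to do the same. The following is an added example, not part of the Slashdot post or the original page; the sample uploads are constructed in the code.

```python
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
# Aldus placeable metafile key 0x9AC6CDD7, stored little-endian at offset 0.
PLACEABLE_WMF_KEY = b"\x9a\xc6\xcd\xd7"


def sniff_image(data: bytes) -> str:
    """Classify an image by its leading bytes, ignoring the file name entirely."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(PLACEABLE_WMF_KEY):
        return "wmf"
    if len(data) >= 6:
        # Standard METAHEADER: mtType (1 memory, 2 disk), mtHeaderSize (always 9 words), mtVersion.
        mt_type, header_size, version = struct.unpack_from("<HHH", data, 0)
        if mt_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return "unknown"


EXTENSION_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "wmf": "wmf"}


def extension_lies(filename: str, data: bytes) -> bool:
    """True when the extension claims one known format but the bytes are another."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSION_KIND.get(ext)
    return claimed is not None and claimed != sniff_image(data)


def flag_uploads(uploads, allowed=("jpeg",)):
    """Names to reject before any renderer sees them: mislabelled files, and formats the
    pipeline never intended to carry (a banner slot that only wants JPEG has no use for WMF)."""
    return [name for name, data in uploads
            if extension_lies(name, data) or sniff_image(data) not in allowed]


# Constructed sample uploads (not real files): a genuine JPEG prefix, a placeable WMF
# renamed to .jpg, a standard WMF header renamed to .JPG, and a WMF with an honest name.
SAMPLE_UPLOADS = [
    ("photo.jpg", JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00"),
    ("banner.jpg", PLACEABLE_WMF_KEY + b"\x00" * 18),
    ("logo.JPG", struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12),
    ("chart.wmf", struct.pack("<HHH", 2, 9, 0x0300) + b"\x00" * 12),
]

if __name__ == "__main__":
    print(flag_uploads(SAMPLE_UPLOADS))  # ['banner.jpg', 'logo.JPG', 'chart.wmf']
```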

Even worse, it is sooo bad that some people have open-sourced tools that make this issue even harder to detect…
(News Here)
We released a new version of the metasploit framework module for the WMF flaw, this one uses some header padding tricks and gzip encoding to bypass all known IDS signatures. Consider this "irresponsible" if you like, but it clearly demonstrates that a run-of-the-mill signature-based IDS (or A/V) is not going to work for this flaw. If anyone has any questions about why we are releasing these types of modules so early after the disclosure, feel free to drop me an email.

Original marketing information on Trustworthy Computing can be found here.

PS: SuSE 10.0 is not affected. I know, I know, it is easy to hit someone lying on the ground 😉