Privacy and security news and privacy and security widget

September 5, 2008, 11:24 PM - - If you have TrendMicro internet Security Pro and have done a scan to find that you have far too many ...

A workaround emerged from Oracle as news circulated of a remotely exploitable flaw, without requiring authentication, involving the WebLogic platform.Both the WebLogic Server and WebLogic Express products, acquired by Oracle when the company purchased BEA, suffer from the newly disclosed vulnerability. SANS internet Storm Center said the problem stems from the Apache Connector used by the products. A WebLogic advisory noted the flaw could be exploited without authentication. Sites using Apache servers that are already configured with the mod_security module are protected from this vulnerability by the default core ruleset, according to the advisory. Using mod_security with the WebLogic plug-in for Apache serves as one workaround suggested by Oracle. The other workaround calls for an edit to httpd.conf and a restart: It is possible to configure Apache and avert this vulnerability by rejecting certain invalid requests. To do so, add the following parameter to the httpd.conf file and

"Internet Security for Grown-Ups," a free seminar, will be held October 1 from 6 to 8 p.m. at St.

It's been only a few days since google released its Chrome browser, and security researchers are still digging into the software in search of the first few flaws.