Privacy and security news and privacy and security widget
Sunday, November 02, 2008
Oracle WebLogic Hit With Zero-Day Exploit
A workaround emerged from Oracle as news circulated of a flaw in the WebLogic platform that can be exploited remotely without authentication. Both the WebLogic Server and WebLogic Express products, acquired by Oracle when the company purchased BEA, suffer from the newly disclosed vulnerability.
SANS Internet Storm Center said the problem stems from the Apache Connector used by the products. A WebLogic advisory noted the flaw could be exploited without authentication.
Sites using Apache servers that are already configured with the mod_security module are protected from this vulnerability by the default core ruleset, according to the advisory. Using mod_security with the WebLogic plug-in for Apache serves as one workaround suggested by Oracle.
The other workaround calls for an edit to httpd.conf and a restart:
It is possible to configure Apache and avert this vulnerability by rejecting certain invalid requests. To do so, add the following parameter to the httpd.conf file and
feedburner.com Sunday, November 02, 2008
Skype Scrambles After Breach And Censorship Revelations
American companies operating in China have what might be considered a tradition of getting in trouble over privacy and censorship, and Skype, the internet communications company, is the latest to encounter hot water. Its president has done his best to explain the situation.
As Josh Silverman wrote, "In China, TOM is the majority local partner in our joint venture that brings Skype functionality to Chinese citizens." Skype - and anyone who bothered to listen to an old announcement - has known for some time that TOM obeyed Chinese laws requiring them to block messages containing certain terms.
The problems began when it turned out that TOM stored the messages; there's a real concern about which government authorities might have seen them. What's more, a security breach may have exposed the messages to all sorts of other people.
Silverman wrote, "We were very concerned to learn about both issues and after we urgently addressed
feedburner.com Sunday, November 02, 2008
Defense Companies Hit By Malicious Code
Some security stories relate to fairly harmless issues, but this one might go well beyond "whoops." It seems that LIGNex1 and Hyundai Heavy Industries, two Korean companies that construct things for the military, have had malicious code planted within their computer systems.
So you know the (potential) scale of the problem: LIGNex1 deals with missiles, radar, and communications systems. Hyundai Heavy Industries is the world's largest shipbuilder. And it was the National Security Research Institute that found the malicious code. This sounds like the start of some near-apocalypse novel by Tom Clancy, right?
As for who planted the code, how they did it, and what files were affected, details are scarce right now. Chalk it up to government secrecy or (and this is a slightly scarier possibility) true ignorance at the same level.
Anyway, as reported by SC Magazine UK, a National Security Research Institute representative said, "The research instit
feedburner.com Sunday, November 02, 2008