Privacy and security news and privacy and security widget

If you've ever forgotten an appointment, anniversary, or birthday, you know that being late by even a little bit can be terribly awkward. It almost seems worth it to get an arm or leg set in plaster just so you have a proper excuse. Now Microsoft's trotted out its version of a cast story to explain a seven-year patch delay.Microsoft Fixes Flaw After Seven Years Microsoft security bulletin MS08-068 addresses a flaw in the Microsoft Server Message Blog protocol, and in a post on the Microsoft Security Response Center, Christopher Budd acknowledged, "We've received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack. Specifically, we've gotten some questions about why, in 2008, we're releasing an update that addresses an issue first discussed in 2001." Budd, a security communications program manager, then stated, "[W]e could not make changes to address this issue without negatively impacting networ

A workaround emerged from Oracle as news circulated of a remotely exploitable flaw, without requiring authentication, involving the WebLogic platform.Both the WebLogic Server and WebLogic Express products, acquired by Oracle when the company purchased BEA, suffer from the newly disclosed vulnerability. SANS internet Storm Center said the problem stems from the Apache Connector used by the products. A WebLogic advisory noted the flaw could be exploited without authentication. Sites using Apache servers that are already configured with the mod_security module are protected from this vulnerability by the default core ruleset, according to the advisory. Using mod_security with the WebLogic plug-in for Apache serves as one workaround suggested by Oracle. The other workaround calls for an edit to httpd.conf and a restart: It is possible to configure Apache and avert this vulnerability by rejecting certain invalid requests. To do so, add the following parameter to the httpd.conf file and