Most organizations are focusing their patching efforts and vulnerability scanning on the operating system — but 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, and Adobe Flash and other tools, according to actual attack data gathered for the report. Meanwhile, enterprises are taking twice as long to patch their applications than to patch their operating systems, the report says.

More at darkREADING

The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using name servers settings provided by the trojan DHCP daemon for DNS lookups instead of using the origional configured name servers.

Devices on the network are then sent to fraudulent websites that can be more difficult to identify as imposters since the DNS lookups appear correct.

This is a more advanced attack of a well known vector of attacking a systems hosts file, but by being system agnostic and using the familiar DNS protocol, it is much more effective.

More details can be found at SANS

Steam Cloud support is seamless, meaning any changes to a users game configuration such as graphics options and key settings, and best of all, save games, will propagate to the Cloud automatically. Upon logging into your Steam account from another PC, these settings will be synchronized down from the Cloud and automatically loaded by the game. Any changes to the configuration on this second machine are then synced to the Cloud for future sessions.

The simplicity from the perspective of the user of this new capability is quite brilliant.

“Tokeneer has been written in SPARK Ada, a high level programming language designed for high-assurance applications. Originally a subset of the Ada language, it is designed in such a way that all SPARK programs are legal Ada programs. Ada is the natural choice for mission-critical, high-integrity systems due to its combination of flexibility, reliability and ease of use, and SPARK further adds a static verification toolset that combines depth, soundness, efficiency and formal guarantees.”

Via Slashdot

These numbers only highlight the importance of testing Apple Mac as a platform against your external facing websites.

“It’s rare to see a concept as technical as open-source software in a federal funding bill. But the House’s proposed National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for military services to consider open-source software when procuring manned or unmanned aerial vehicles.”

“For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued. …With eight years of legacy code out there, it is likely that there are going to be a fairly large number of systems that will not migrate to PHP 5 in the near future, and a reasonable proportion of those that will not make the migration at all. For those who are not able to migrate their systems to the new version of PHP, noted PHP security expert Stefan Esser will continue to provide third party security patching for the PHP 4 line through his Suhosin product.”

The new driver doesn’t use a proprietary hardware abstraction layer and no firmware is required.

The ath9k driver includes supports for the following chipsets:

* AR5418+AR5133
* AR5416+AR5133
* AR5416+AR2133
* AR9160
* AR9280
* AR9281