Friday, February 17, 2012

Parts of Internet Could Disappear Amid FBI Server Shutdown

FBI OfficersIn late 2011 the Federal Bureau of Investigation (FBI) set up a bunch of secure servers to replace the ones created by seven individuals that were arrested for internet fraud. According to a statement by the FBI at the time of the arrests, "The dismantling of the defendants' rogue DNS servers - to which millions of computers worldwide had been redirected - would potentially have caused all of those computers, for all practical purposes, to lose access to websites."

Any company in the world that had a website hosted on one of those servers had only 120 days to knock out all the malware known as DNSChanger Trojan before the servers would be shut down by the FBI. Well, those 120 days of grace have almost run their course and any site that doesn't or hasn't cleaned out the malware could see their website erased from the internet entirely come March 8. If this happens, then we could also very well see a sizable piece of the internet disappear on that day as well.

Brian Krebs, a security expert, has claimed that nearly half of the world's Fortune 500 companies and personal computers at almost 50% of all federal government agencies still have the malware on their networks. If that is true, then there are a lot of companies, important ones, that will lose their websites and access to them in just a couple of weeks.

According to President and Chief Technology Officer for Internet Identity, "Yes, there are challenges with removing this malware, but you would think people would want to get this cleaned up. This malware was sometimes bundled with other stuff, but it also turns off antivirus software on the infected machines and blocks them from getting any security updates from Microsoft."

Source: Mashable - FBI's Looming Server Shutdown Could Leave Chinks of the Internet Dark


Find out what is going on in the Tech Army World.



What are the Top 10 Money Making Missions?

What other companies have joined and what do they do?

How do I join the
Tech Army Organization ?

Friday, February 3, 2012

Apache Releases v2.2.22 for Apache HTTP Server

ApacheThe release of Apache HTTP Server v2.2.22 has just been announced by both the Apache Software Foundation and the Apache HTTP Server Project. The Apache HTTP Server Project has stated that this release is definitely the best version of Apache HTTP Server released so far and is encouraging all of its users to to upgrade as soon as possible.

Version 2.2.22 of Apache HTTP Server 2.2.22 is mainly an update that fixes security issues and bugs. However, there are a number of significant security fixes that are included in v2.2.22. These include:



  • Reject requests when the request-URL doesn't match HTTP specification.

  • Fix integer overflow in ap_pregsaub().

  • Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule.

  • Fix segfault when the '%{cookiename}C' log format string is in use and a client sends a nameles, valueless cookiee, causing a DoS.

  • Fix scoreboard issue which could allow an unprivileged child process to cause the parent process to crash and shutdown in stead of terminating cleanly.

  • Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

Version 2.2.22 of Apache HTTP Server is currently available for download if you want it. The CHANGES_2.2 file, which is found on the download page, has the entire list of everything that is changed in v2.2.22 and a condensed list, known as CHANGES_2.2.22, includes only those changes since the prior release of v2.2. If you want to, you can also view an entire summary of all the security vulnerabilities addressed in this release, as well as earlier releases.

The summary includes version 1.4.5 of Apache Portable Runtime (APR) as well as APR Utility Library (APR-util) version 1.4.2, which is also paired with the tar and zip distributions. The Apache Portable Runtime libraries libapr and libaprutil, as well as Win32, libapriconv v.1.2.1, must all be updated for binary compatibility and to address a lot of known security and platform bugs.

Whenever you do decide to upgrade or install v2.2.22, keep in mind that if you are going to be using Apache HTTP Server with a threaded MPM other than the Prefork MPM, you need to ensure that all modules you will be using, as well as their libraries, are thread-safe.

Source: Connectwww.com - Apache HTTP Server 2.2.22 Released
Server Watch - Apache HTTP Server 2.2.22 Released


Find out what is going on in the Tech Army World.



What are the Top 10 Money Making Missions?

What other companies have joined and what do they do?

How do I join the
Tech Army Organization ?