Episode 73 - Java exploits Linux and Apache ignores IE...

Running Time: 0:59:16.8


1) Introduction

He is back, Greg Martin returns will Corey ever return?

2) News

Apache HTTP Server set to ignore IE10's Do Not Track request
Java 0-Day Exploit Humbla

3) Conclusion

Recommendations for People to interview
E-Mail us at podcast@linuxinstall.net
Facebook Fan Page
Follow us on Twitter and Identica as @linuxinstall
Google +
Look for us and comment on iTunes, odeo

Java Zero Day Attach and it affects Linux...

This comes from our guest host Greg Martin on Google+:

Java 0-day being exploited in the wild. There have been confirmed infections on Windows-based computers but it's possible to compromise a Mac or Linux system as well. Currently the only recommendation for mitigation is to completely disable Java.

Links for thought:

Ars Technica article: http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

In-depth breakdown of the exploit (technical with mildly poor English): http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html

Proof-of-concept for the exploit (actual source code): http://pastie.org/pastes/4594319/text

There are also some claims that Oracle have known about the vulnerabilities for some time. https://www.pcworld.com/businesscenter/article/261612/oracle_knew_about_currently_exploited_java_vulnerabilities_for_months_researcher_says.html

I'm currently testing this out on my system (Linux) to see if I can get it to work.

 

The top five Open Source Packages used by Companies....

What are the top five Open Source packages that people need support on? What do you think? What are your top 5 Open Source software packages you support?
Read More