Episode 73 - Java exploits Linux and Apache ignores IE...

Running Time: 0:59:16.8


1) Introduction

He is back, Greg Martin returns will Corey ever return?

2) News

Apache HTTP Server set to ignore IE10's Do Not Track request
Java 0-Day Exploit Humbla

3) Conclusion

Recommendations for People to interview
E-Mail us at podcast@linuxinstall.net
Facebook Fan Page
Follow us on Twitter and Identica as @linuxinstall
Google +
Look for us and comment on iTunes, odeo

Brian Wagner

Brian started working with *nix in while a student at Kent State University in the early 90's. In 1995, as an E-Mail Administrator for Caliber Technology (now part of Fedex) he was tasked with administering Sendmail on both Slackware Linux and Solaris Systems. His first home install of Linux was MkLinux DR1 in 1996 on his 60 Mhz PowerMac. Since then Brian has been working and consulting on Linux and it's uses in the Enterprise to support everything from E-Mail, Firewalls, Web and File serving to custom cluster solutions and grid solutions. Brian has had the opportunity to work in both Fortune 500 companies and small 2 person organizations. This has given him the unique insight into the differences every size business faces.

Java Zero Day Attach and it affects Linux...

This comes from our guest host Greg Martin on Google+:

Java 0-day being exploited in the wild. There have been confirmed infections on Windows-based computers but it's possible to compromise a Mac or Linux system as well. Currently the only recommendation for mitigation is to completely disable Java.

Links for thought:

Ars Technica article: http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

In-depth breakdown of the exploit (technical with mildly poor English): http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html

Proof-of-concept for the exploit (actual source code): http://pastie.org/pastes/4594319/text

There are also some claims that Oracle have known about the vulnerabilities for some time. https://www.pcworld.com/businesscenter/article/261612/oracle_knew_about_currently_exploited_java_vulnerabilities_for_months_researcher_says.html

I'm currently testing this out on my system (Linux) to see if I can get it to work.

 

Brian Wagner

Brian started working with *nix in while a student at Kent State University in the early 90's. In 1995, as an E-Mail Administrator for Caliber Technology (now part of Fedex) he was tasked with administering Sendmail on both Slackware Linux and Solaris Systems. His first home install of Linux was MkLinux DR1 in 1996 on his 60 Mhz PowerMac. Since then Brian has been working and consulting on Linux and it's uses in the Enterprise to support everything from E-Mail, Firewalls, Web and File serving to custom cluster solutions and grid solutions. Brian has had the opportunity to work in both Fortune 500 companies and small 2 person organizations. This has given him the unique insight into the differences every size business faces.

The top five Open Source Packages used by Companies....

What are the top five Open Source packages that people need support on? What do you think? What are your top 5 Open Source software packages you support?
Read More