- HP buys EDS for $13.9 billion
- 10 ways the Chinese Internet is different
- What EDS is telling its people about HP deal
- Sprint loses nearly 1.1 million customers
- Desktops of the future here today
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
Its not hard to keep on eye on how much bandwidth that you are using, check out this page for more info:
http://technicianspot.blogspot.com/2008/05/monitor-bandwidth.html- Anonymous
When Charlie Miller won $10,000 for hacking into a Macbook Air laptop last month, he exploited a flaw that had been publicly disclosed nearly a year before the contest.
The flaw, it turns out, lay in an open-source software library called the Perl Compatible Regular Expressions (PCRE) library, which is used by many products including Apache, the PHP scripting language, and Apple's Safari browser, which Miller hacked to win the contest.
Miller won $10,000 and a new Macbook Air last month after hacking into the laptop in a matter of minutes. The PWN2OWN contest invited hackers to try to install unauthorized software on fully patched Mac OS X, Windows and Linux computers using previously undisclosed "zero-day" flaws. (Compare Patch and Vulnerability Management products)
In an e-mail interview, security researcher Chris Evans said he found the bug, which he publicly disclosed in November 2007. PCRE developers fixed the bug months earlier while writing an incomplete fix for the issue in the May 2007 PCRE 6.7 product, Evans said.
Although Apple's Safari browser uses the PCRE software library, the company did not patch its version of the library until late last week. That means that an astute hacker who had noticed the fix in PCRE 6.7 would have been given an early tip on how to hack into Apple's computers.
Discovering a software bug is the first step toward figuring out how to use that flaw in an attack, but not every flaw leads to a successful exploit.
In an e-mail interview, Miller confirmed that the bug he'd exploited was the same one that was patched in PCRE 6.7, but said that researchers at his company, Independent Security Evaluators, had found it "completely independently."
Miller found another PCRE bug that allowed him to be the first hacker to break into the iPhone after it was launched last year.
It is very common for developers to incorporate someone else's software library into their program and then not properly add all the latest bug fixes, said Dragos Rui, one of the organizers of the PWN2OWN contest.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
