Oracle patches 128 vulnerabilities, you won’t believe how many of them are critical.
Plus how Twitter can solve their hacking problem, ZFS questions galore, and much much more!
On this week’s TechSNAP.
Show Notes:
- Java received a Critical Patch Update to plug 42 known vulnerabilities
- 19 of these have a CVE score of 10/10
- 39 of the vulnerabilities apply to Java Web Start, a plugin that can be remotely exploited with authentication
- The update also includes 25 new security fixes for MySQL, only 1 of which is remotely exploitable without authentication
- Compared to Oracle Database which had 4 remote exploits without authentication
- Other Oracle products had a bad time as well: Oracle Fusion Middleware patches fix 29 CVEs, 22 of which are remote exploits
- MAKE SURE YOU UPDATE JAVA
- In other news, Mark Reinhold, the chief architect of the Java platform group at Oracle, announced via his blog that Java 8 will be delayed until 2014 to focus on fixing security problems with Java 7 and ensuring Java 8 is not more of the same
- Security Explorations has updated their status report to reflect that the recent Java 7 update 21 fixes most of the outstanding reported vulnerabilities, except #54 and #56, which Oracle has claimed are allowed behaviours, and #61, which was reported after the patch was released.
- The Dow Jones and S&P 500 dropped after the Twitter account of the Associated Press was compromised and posted a fake story about multiple explosions at the White House, stating that President Obama had been injured
- It is reported that the drop in the S&P 500 caused by the fake news wiped out more than $136 billion in market value
- This setback comes less than a month after the U.S. Securities and Exchange Commission ruled that companies can use social-media sites to share market-sensitive news
- In a similar story, CBS temporarily lost control of two of its Twitter accounts, including @60Minutes
- Twitter has promised to implement two-factor authentication, mainly relying on sending a text message to the user with a single-use token
- This raises the question of how two-factor authentication will interact with systems like HootSuite
- Standard two-factor authentication poses problems for multi-user accounts like those operated by media outlets, as there is no single mobile number to send the two-factor token to
- It appears that the attack that compromised the AP account may have just been brute-force attempts at the password, which poses the question: does Twitter do enough to prevent such attacks?
Tzvi leaves us a voicemail.
- Does FreeBSD lack the daemon to provide the “Hot Spare” functionality to a ZFS spare drive?
- ZFS DeDupe is KILLING my box!
- As mentioned in the FreeNAS post above, a common figure is 5+GB of RAM per TB of data. I think this also gets worse if you use a stronger hashing algorithm. They recommend using compression rather than dedup.
Has a few years to get ready to jump into IT, where should he start?
Oracle releases patches for 128 vulnerabilities
Twitter account hack leads to drop in the stock market
Feedback: