From: Product Security Date: Fri Aug 02, 2002 05:45:34 PM US/Central To: security-announce@lists.apple.com Subject: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Security Update 2002-08-02 is now available. It contains fixes for recent vulnerabilities in:
OpenSSL: Fixes security vulnerabilities CAN-2002-0656, CAN-2002-0657,
CAN-2002-0655, and CAN-2002-0659. Details are available via:
http://www.cert.org/advisories/CA-2002-23.html
mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the
mod_ssl Apache module. Details are available via:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0653
Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR decoder.
Details are available via:
http://bvlive01.iss.net/issEn/delivery/xforce/aler tdetail.jsp?oid=20823
Affected systems: Mac OS X client and Mac OS X Server
Note: Mac OS X client is configured by default to have these services turned off, and is only vulnerable if the user has enabled network services which rely on the affected components. It is still recommended for Mac OS X client users to apply this security update to their system.
System requirements: Mac OS X 10.1.5
Security Update 2002-08-02 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://docs.info.apple.com/article.html?artnum=120 139
Try Google News Headlines. It automatically finds news stories on the different news sites and groups them togther. From the page you can see the most popular news topics and read several different views of the same story.
The benefit of HTML that I don't think Flash has, is that it is designed be displayed on a wide variety of devices. Very little in the HTML spec is concrete on how to display the information. Most definitions include a suggested way on how the user-agent could display something, but there is no requirement that it must. (This is why a well designed page can be displayed in lynx...)
Of course, for sites that are just there for the wow factor, this Flash thing might be the way to go.
I don't mean to say that this isn't true, but doesn't something like this come up every few months? Some one thinks they broke some highly respected crypto system, then an expert shows that it is invalid or only valid for a small percentage of keys.
"With regard to the software and repository that you obtain for the Contest, you agree to the license terms as stated in files you download or receive. With regard to an entry you submit as part of the Contest, you grant Google a worldwide, perpetual, fully paid-up, non-exclusive license to make, sell, or use the technology related thereto, including but not limited to the software, algorithms, techniques, concepts, etc., associated with the entry.
If you are selected as a contest winner, you agree that Google may publicize your name, likeness, and the description of work you did to win the contest. Apart from the prizes associated with being selected as a winner, Google shall not be obligated to compensate you in any way for such publicity."
So in other words, google buys the next great thing for $10K. The only upside of the above is that it's a non-exclusive license which means you could go and sell it to a competing search engine too...
Of course, good luck finding a competing search engine:-)
Yes, I think Segway is cool. Of course, it's been so overhyped that unless it has the ability to teleport people across space it will feel like a disappointment.
Expensive? Yes, but you get what you pay for!
on
Apple releases iPod
·
· Score: 2, Interesting
Yes, the new iPod is expensive, but you are getting what you pay for:
Look up a 5GB 1.8" hard drive on PriceWatch. They're currently going for about $350. Add a firewire interface to that, battery, the MP3 player functionality, and some headphones.
I'm on Road Runner, and my firewall is logging between 10 and 30 requests per minute -- most of these coming from within the road runner network (24.x.x.x range).
The funniest thing though-- if you go to just about any of these IP address with a web browser, its the default page for IIS. Meaning someone set up a web server (perhaps unknowingly) and forgot about it.
I don't know what you all are talking about...I've been drinking CodeRed for months now. Its red, highly caffinated, and tastes like Mountain Dew. Only fruitier.
A lot of the spam I revieve already contain random data in the subject line (or in the body of the message to break this). This is why the subject of some spam looks like "Free pr0n 3j1I". I beleive this practice goes way back to when bots would scan newsgroups and kill spam messages. The random subject lines would render them usless.
As far as I know this is nothing new, distirbuted.net has always done this on thier projects (RC5, DES) to make sure people are actually checking the blocks.
I don't know if there's any scientific proof to this or not. But, all of my really good proffessors have had really messy offices, and all my worst proffessors have had really clean offices. My best professors have always had to "clear off a place for me to sit" when I'd go into see them. In fact, who most students consider to be the best prof at my school has two offices...both completely filled with junk!
Slashdot Mirror
Actually, it looks like you get $30 off at checkout.
From: Product Security
Date: Fri Aug 02, 2002 05:45:34 PM US/Central
To: security-announce@lists.apple.com
Subject: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Security Update 2002-08-02 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSL: Fixes security vulnerabilities CAN-2002-0656, CAN-2002-0657,
CAN-2002-0655, and CAN-2002-0659. Details are available via:
http://www.cert.org/advisories/CA-2002-23.html
mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the
mod_ssl Apache module. Details are available via:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN
Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR decoder.
Details are available via:
http://bvlive01.iss.net/issEn/delivery/xforce/ale
Affected systems: Mac OS X client and Mac OS X Server
Note: Mac OS X client is configured by default to have these services turned
off, and is only vulnerable if the user has enabled network services which rely
on the affected components. It is still recommended for Mac OS X client users
to apply this security update to their system.
System requirements: Mac OS X 10.1.5
Security Update 2002-08-02 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://docs.info.apple.com/article.html?artnum=12
SSL server:
https://depot.info.apple.com/security/129403bc5e1
To help verify the integrity of Security Update 2002-08-02 from the
Software Downloads web site:
The download file is titled: SecurityUpd2002-08-02.dmg
Its SHA-1 digest is: 54f6eebe0398181db8f1129403bc5e184e3b7367
Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/secu
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/securi
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQEVAwUBPUsLOiFlYNdE6F9oAQGAigf+JV+lazuko1g4oZS
2cZ/BdaEBA8jLGrPkhWuvmMwpN9z6G9ch
789zLQLK2JTB75nc0fNyx2CdfHlEIM00v
tWXLc2dWK2Nf2SUk0/yLgfjceZKEPCPXT
vRPc2sn2HYu9IJw/BrMEsDlS8IWHf6ozX
FauTTepMF9+JfCkx+2wtpwWhBcXoJnjwI
=fdGO
-----END PGP SIGNATURE-----
This is true. And they do it now: HFS+ and UFS
Try Google News Headlines. It automatically finds news stories on the different news sites and groups them togther. From the page you can see the most popular news topics and read several different views of the same story.
Maybe this is old news, but Apple lists two trailers (in QuickTime format of course) for Episode II on thier trailer page here:
http://www.apple.com/trailers/
The benefit of HTML that I don't think Flash has, is that it is designed be displayed on a wide variety of devices. Very little in the HTML spec is concrete on how to display the information. Most definitions include a suggested way on how the user-agent could display something, but there is no requirement that it must. (This is why a well designed page can be displayed in lynx...)
Of course, for sites that are just there for the wow factor, this Flash thing might be the way to go.
I don't mean to say that this isn't true, but doesn't something like this come up every few months? Some one thinks they broke some highly respected crypto system, then an expert shows that it is invalid or only valid for a small percentage of keys.
If this is what you're referring too:
"Sorry, we cannot accept entries that require commercial software or other software that is not provided as open source or under GPL."
This only means that google will not accept entries that rely on commercial or closed source code (such as an API).
"With regard to the software and repository that you obtain for the Contest, you agree to the license terms as stated in files you download or receive. With regard to an entry you submit as part of the Contest, you grant Google a worldwide, perpetual, fully paid-up, non-exclusive license to make, sell, or use the technology related thereto, including but not limited to the software, algorithms, techniques, concepts, etc., associated with the entry.
:-)
If you are selected as a contest winner, you agree that Google may publicize your name, likeness, and the description of work you did to win the contest. Apart from the prizes associated with being selected as a winner, Google shall not be obligated to compensate you in any way for such publicity."
So in other words, google buys the next great thing for $10K. The only upside of the above is that it's a non-exclusive license which means you could go and sell it to a competing search engine too...
Of course, good luck finding a competing search engine
Here's a link to the puzzle from the college's website:
http://www.whatmagnet.com/gofigure/index.html
I use Google's news headlines to read my news. Each topic has a link to several different sites with the story.
Yes, I think Segway is cool. Of course, it's been so overhyped that unless it has the ability to teleport people across space it will feel like a disappointment.
Yes, the new iPod is expensive, but you are getting what you pay for:
Look up a 5GB 1.8" hard drive on PriceWatch. They're currently going for about $350. Add a firewire interface to that, battery, the MP3 player functionality, and some headphones.
In case you didn't know...
From dictionary.com:
pro bono
adj.
Done without compensation for the public good: a lawyer's pro bono work.
I may not be up on this whole 'web services' thing, but wouldn't it be possible to implement some of this stuff in apache modules?
Actually, isn't it the job of the executive branch to enforce the laws?
/ Enlightenment2.html
The Legistlative makes laws, executive enforces then , and judicial interprets them.
See here: http://www.guhsd.net/mcdowell/history/notes/unit4
I'm on Road Runner, and my firewall is logging between 10 and 30 requests per minute -- most of these coming from within the road runner network (24.x.x.x range).
The funniest thing though-- if you go to just about any of these IP address with a web browser, its the default page for IIS. Meaning someone set up a web server (perhaps unknowingly) and forgot about it.
I don't know what you all are talking about...I've been drinking CodeRed for months now. Its red, highly caffinated, and tastes like Mountain Dew. Only fruitier.
I just I'm just more 1337 than all you.
:-)
A lot of the spam I revieve already contain random data in the subject line (or in the body of the message to break this). This is why the subject of some spam looks like "Free pr0n 3j1I". I beleive this practice goes way back to when bots would scan newsgroups and kill spam messages. The random subject lines would render them usless.
That sucks :-)
As far as I know this is nothing new, distirbuted.net has always done this on thier projects (RC5, DES) to make sure people are actually checking the blocks.
If your company is already running on Macs, why not check out some of the other database available?
:-)
One that I've heard a lot of hype about it Valentina. I have no idea if it offers good performance -- but at least its creator thinks it does.
Mac OS X (though not released yet) should support most languages I think.
Of course Office for the Mac, may not be able to take advantage of this until it is ported to OS X sometime in the fall.
I don't know if there's any scientific proof to this or not. But, all of my really good proffessors have had really messy offices, and all my worst proffessors have had really clean offices. My best professors have always had to "clear off a place for me to sit" when I'd go into see them. In fact, who most students consider to be the best prof at my school has two offices...both completely filled with junk!