DAWN - the Internet Edition



Science.com

August 2, 2003



Oracle warns of serious vulnerabilities


DATABASE and enterprise application vendor Oracle is warning customers of two new vulnerabilities in its E-business suite and a third in its database that could be exploited by hackers.

If not patched, the two security flaws in Oracle’s E-Business Suite could let hackers install and run malicious code of their choice on the E-Business Suite server, the company says. Oracle has ranked both of these flaws as “high risk.” One flaw is in the Java Server Pages of the AOL/J Setup Test Suite for the E-Business Suite. This flaw could allow an attacker to view server configuration information that could be used to hack the suite.

A second flaw is located in the suite’s FNDWRR component. FNDWRR contains a buffer overflow vulnerability that could enable an attacker to crash the program and potentially run malicious code, the company says.

Oracle also is warning of a less serious flaw, a buffer overflow, in its database server. This flaw could enable an attacker to run malicious code on an unpatched system. However, Oracle says the flaw is unlikely to be exploited by a remote attacker; the greatest risk is that the system will be attacked by a corporate insider. Oracle has ranked this flaw as a low risk.

Oracle has detailed information on these vulnerabilities and patches to fix the flaws available;
 


Windows passwords cracked

A Swiss researcher released a paper that demonstrates how easy it is to crack Windows passwords composed only of alphanumeric characters. At the same time, another pair of researchers used the methods outlined in the paper to post a Windows NT password cracker to a website.

Philippe Oechslin, of the Swiss Federal Institute of Technology in Lausanne, published a paper that outlined how hackers could up the stakes in a 23-year-old password exploit by putting more computer memory on the password-cracking job. Called “time-memory trade off,” the concept allows much faster cracking of passwords when additional computer memory is provided to the lookup tables the method relies on.

Oechslin used Windows’ passwords as an example of how quickly cracks could be accomplished. According to his paper, he was able to crack 99.9 percent of all alphanumeric Windows passwords in 13.6 seconds. The older technique took 101 seconds to generate the same results, he said.

The NT password cracker, which was posted to another website of the Institute, was developed, said Oechslin, to demonstrate the cracking tactic.

Boasting a 6,000-fold speed improvement over brute force password cracking, and able to crack a password 32 times faster than the older method, the NT password cracker can bust any alphanumeric Windows password in an average of five seconds, said the researchers.

 

Next Windows will be different

Longhorn, the next version of Microsoft Windows, will be so different from its predecessors that users may not like it right away, Microsoft Chairman and Chief Software Architect Bill Gates says. “It (Longhorn) should drive a whole range of upgrades, but that could be sort of delayed.”

“Longhorn is innovative... there is a lot of work to be done in terms of what has to go in and what has not,” Gates said.

He said that Longhorn will have a new file system, and hinted at a server edition. Microsoft has previously said Longhorn will be a client-only release.

Also, Microsoft officials at WinHEC said the OS will have a new storage system that will be based on the existing NTFS.

Microsoft promises more details about the operating system release in October at the Microsoft Professional Developers Conference to be held in Los Angeles. Analysts have said the product will be one of the most important Windows launches for Microsoft. A beta of Longhorn is planned for next year.

 

Novell preps Linux NetWare

Novell has said that NetWare 6.5 will include features for business continuity, open source, Web application services and “virtual office” capabilities to reduce network costs and complexity while giving users around-the-clock access.

NetWare 6.5 will be available August 15, Novell said. Pricing for a new licence ranges from $995 (5-user licence) to $18,400 (100-user licence); upgrade pricing for existing users ranges from $530 (5-user licence) to $9,750 (100-user licence). For more info, check www.novell.com/products/netware65/pricing.html. — Dawn ScienceDotcom Report



© DAWN Group of Newspapers, 2005