Jeremiah Grossman: Web Application Security Professionals Survey (July 2008)- July 26, 2008 Jeremiah Grossman: Results: Web Application Security Professionals Survey (July 2008)This is an extremely important Survey for Web App Security.http://www.jboss.org/feeds/post/jeremiah_grossman_web_application_security_professionals_s... JBoss is secure- July 25, 2008 We certainly strive to reach that goal. Think about this: when you sleep at night, most of us lock the doors of our house. Why We want to feel secure. Same phenomenon happens when we go out of town for a couple of days - we tell our neighbors to watch our house. Many a times, burglars just break open a window and get in or take something immediately. When that happens, you fix the window and continue to hope that your house is safe. Even when you install a security system to your house and...http://www.jboss.org/feeds/post/jboss_is_secure JBoss 4.2.3 released- July 18, 2008 Rajesh from JBossQA has released JBoss 4.2.3.GA. ========================================================================= JBoss Application Server 4.2.3.GA has been released and is available for download at jboss.org http:www.jboss.orgjbossasdownloads This is the 3rd bug fixing release of the JBoss Application Server v4.2 series. The aim of this release is to provide fixes for bugs reported by the community against previous JBossAS v4.2.x releases. There were some backwards compatible...http://www.jboss.org/feeds/post/jboss_4_2_3_released SSNs useful for authentication- July 16, 2008 Brett A Scudder (on LinkedIn) basically referred to the following report on why SSNs are not appropriate for authentication....Uses of Social Security Numbers in the Private Sector:Why SSNs Are Not Appropriate for AuthenticationMultiple banks over the last few years have used SSNs as the userid for online banking. Some of these banks are prominent banks. But they have all migrated (or given an option to the user to choose a personal username). In my view, phishing attacks will aggravate the...http://www.jboss.org/feeds/post/ssns_useful_for_authentication Sun's Open Source Directory Server - OpenDS is 1.0.0- July 11, 2008 Message from Ludo to the opends mailing list. =========================== All, The OpenDS development team is very please to announce the release of OpenDS 1.0.0, the first stable release of the OpenDS project. OpenDS 1.0.0 delivers a fully compliant LDAPv3 server () that passes all of the compliance, interoperability and security tests suites. Furthermore, OpenDS 1.0.0 implements most the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, ensuring...http://www.jboss.org/feeds/post/sun_s_open_source_directory_server_opends_is_1_0_0 Key Management - Oasis EKMI and IEEE P1619- July 1, 2008 InformationWeek has an article titled "Oasis' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board", written by David Brown.Information security pros do put stock in encryption--it was named the third-most-effective security practice in our most recent Strategic Security Survey, behind only firewalls and antivirus products. However, there have been obstacles along the path to ubiquitous encryption of data, including weak...http://www.jboss.org/feeds/post/key_management_oasis_ekmi_and_ieee_p1619 JBoss 5.0.0.CR1 out the door- July 1, 2008 The day is not very far when we will see the GA release of JBoss5. We have reached the first milestone - JBoss 5.0.0.CR1. ============================================================== JBoss Application Server 5.0.0.CR1 has been released and is available for download from https:sourceforge.netprojectshowfiles.phpgroup_id=22866&package_id=16942&release_id=610469 Detailed Release...http://www.jboss.org/feeds/post/jboss_5_0_0_cr1_out_the_door |