
Before virtualisation a bad patch would affect a single server, but now thanks to virtualisation and bad coding, you can easily take down a large part of your infrastructure.

Sloppy programmers managed to leave beta code in VMware ESX 2.5 Update 2 and ESXi Server 3.5 Update 2, released on 12 August, resulting in the VMware licence manager thinking the software was beta and had expired. This then resulted in VMware refusing to start any of the virtual machines on the patched server.

Wait, aren’t VMware a part of EMC, the world’s premier storage vendor? Doesn’t EMC also own RSA, a leading security vendor? Triple ouch. Sloppy coding practices on such a mission-critical product after the EMC acquisition are inexcusable.

Over the past year VMware have been using EMC’s marketing dollars to make a massive push to convince organisations to move their critical applications to virtualised servers; this has got to hurt.


The popular Fedora Linux distribution, closely related to Red Hat, is to include a security tool called secTool that will audit the security posture of the operating system once installed, according to an article on InternetNews.

At one time Fedora was the most popular Linux distribution available, but both Ubuntu and SuSE have become more popular in recent times.


I’ve spent the best part of a month convincing organisations they need to put in better policies to protect themselves from leaking their customers’ personal data, and then I read this Register article on how the British government have managed to lose 29 million records this year. Not bad in a country with just over 60 million inhabitants - almost one data loss per UK citizen.

4 million of these leaks have occurred since the Government’s review after the loss of 25 million records from Her Majesty’s Revenue & Customs from unencrypted CD-ROMs that went missing. Good to know that they’ve tightened up policies and procedures then - eh?

The Information Commissioner, who is responsible for the protection of data within the United Kingdom, has been too busy suing Marks & Spencer for the loss of a mere 26,000 employee records to look into how the government has managed to lose details of half of the UK’s citizens.


NXP, the Dutch manufacturer of the Mifare chip found in London Transport’s Oystercard, is suing Dutch Radboud University to prevent the release of a research paper entitled Dismantling Mifare Classic that uncovers issues related to the chips. The researchers recently travelled free during a visit to London after cloning innocent traveller’s cards.

So far the university has held firm and still plans to release the paper at the Esorics security conference in October.


XSSed have published reports of multiple HSBC domains that are open to Cross-Site Scripting (XSS) attacks that could allow a phisher to embed a malicious site within a genuine HSBC page.

At the time of writing, most of HSBC’s Web real estate was still vulnerable despite HSBC being notified months ago.


The recent playoff between Woods and Rocco Mediate caused a traffic spike so large on the Internet that some companies thought they were under a Distributed Denial of Service attack, according to an article on CNET News.com.


As a part of my ex-employer TippingPoint’s Zero Day Initiative, a vulnerability has been found in Mozilla’s new Firefox 3.0 web browser, which was launched two days ago.

For more details on the vulnerability, go to the TippingPoint Zero Day Initiative page for the vulnerability.
