Internet Explorer ActiveX Security Hole

| 0 comments

If you have not heard by now there is a sever security flaw with Internet Explorer running on Windows XP and Windows 2003 Server when it comes to ActiveX. It essentially comes down to the possibility of remote code execution. Purpose of Advisory: To provide customers with initial notification of the vulnerability and to provide information to help protect customers. Advisory Status: Issue Confirmed, Security Update Planned Recommendation: Review the suggested actions and configure as appropriate. References Identification CVE Reference CVE-2008-0015 Microsoft Knowledge Base Article 972890 There is both a fix here and a workaround in the event you can not patch your system. Take note here because this can result is a behavior or complete security breach that you most likely do not want to deal with. That workaround is: To implement the workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. Then click Run in the File Download dialog box, and follow the steps in this wizard.

CodeSnip: Easy Data Encryption Using the DBMS Obfuscation Toolkit from Oracle

| 0 comments

If you use Oracle as your datastore and need to encrypt and decrypt sensitive data, then Steven has a stored procedure code snippet that you can use in no time. Introduction Encryption and decryption is fairly common in many web applications today. If you are using an Oracle Database as your data store, then you can easily implement encryption and decryption at the database level using the DBMS Obfuscation Toolkit provided by Oracle. Establish Table and Package Create the table. Simply cut and paste the PL/SQL as shown in Listing 1. create table encryption ( ID number, uname varchar2(25), password varchar2(32) ); Listing 1: Create Encryption Table Next you will need to create the package and package body. Simply cut and paste the PL/SQL in Listing 2. CREATE OR REPLACE PACKAGE user_security AS FUNCTION encrypt (p_text IN VARCHAR2) RETURNRAW; FUNCTION decrypt (p_raw IN RAW) RETURNVARCHAR2; PROCEDURE update_user_password ( p_username IN VARCHAR2, p_new_password IN VARCHAR2); END user_security; / CREATE OR REPLACE PACKAGE BODY user_security AS g_key RAW(32767) :=UTL_RAW.cast_to_raw(‘12345678′); g_pad_chr VARCHAR2(1) := ‘~'; PROCEDURE padstring (p_text IN OUT VARCHAR2); FUNCTION encrypt (p_text IN VARCHAR2) RETURNRAW IS l_text VARCHAR2(32767) := p_text; l_encrypted RAW(32767); BEGIN padstring(l_text); DBMS_OBFUSCATION_TOOLKIT.desencrypt(input => TL_RAW.cast_to_raw(l_text), key => g_key, encrypted_data => …

Continue reading

Mono Development With The MonoDevelop 2.0 IDE

| 1 Comment

I have heard of this cross platform and open source .NET development framework for some time now and If I recall correctly I first heard of it on .Net Rocks years ago. Show #75 | 8/8/2004 (120 minutes) Miguel de Icaza talks Mono! Show #313 | 2/5/2008 (63 minutes) Miguel de Icaza and Geoff Norton on Mono Over the years, I hear so many people stating open source is the way to go and in many cases this may be true. It all comes down to the needs of the business, products, and individuals so I am not even going to begin a discussion on this point what so ever. My advice is if you are curious about this open source alternative to the Microsoft .NET Framework then jump on over to the Mono project for yourself and give this a test drive. At the time of this post Mono 2.4 supports Linux, Mac and of course Windows. In short, the Mono Project aims to make developers productive and happy: Mono 2.4 is our gift to the world. Sponsored by Novell, the Mono open source project has an active and enthusiastic contributing community and is positioned to become the leading …

Continue reading