It’s Friday the 13th…queue ominous music…but I’m counting on everything going smoothly today. Is it just me or do things always tend to explode on Friday’s?

Here’s the list:

Oracle UK systems accused in ‘SSH hacking spree’ – “Bad Oracle….bad!”

Compromised computers at Oracle UK are listed among the 10 worst offenders on the net for launching attacks on servers which run SSH (secure shell) server software.

Oracle said it is investigating the reported problem, which it is yet to either confirm or refute.
Click here to find out more!

A box (or group of boxes behind a proxy) at Oracle UK is among the worst offenders for launching attacks, according to statistics from servers running DenyHosts software to block SSH brute-force password attacks.

Patching an IPS – 16 months ! – Woah…..

Looking into disclosure timeline [pdf] of Andres Riancho, Cybsec Security Systems the vendor was contacted on 6th February, 2006 already.

The updated TOS version was released on 4th July, 2007, i.e. last week.

I’m not saying 3Com is slow when fixing vulnerabilities, I think this issue was extremely difficult to resolve. Cybsec will “disclose technical details 30 days after publication of pre-advisory”. Let’s wait!

FG-Injector – SQL Injection & Proxy Tool – New tool to test out.

FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation.

NIST releases revised FIPS crypto standard for review – Review away my friends….review away!

The latest version of the Federal Information Processing Standard for cryptographic modules, FIPS 140-3, has been released for comment by the National Institute of Standards and Technology.

Comments on the draft, available online at http://csrc.nist.gov/publications/drafts.html#fips140-3 , are due to NIST by Oct. 11.

The current standard, FIPS 140-2, grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. FIPS 140-1 was issued in 1994 with a requirement that it be reviewed every five years. The review and revision process can take several years, and FIPS 140-2 was approved in 2001.