What do you think? I have been tweaking my KISGB and as I was thinking about releasing it I got to wondering if guestbooks are even used much anymore. With Twitter, Facebook, Blogs, etc., are they still used or needed?

Please vote in the Survey block to give some direction.

Southern writes:  

What is KeePass?

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

KeePass

papamike writes:  

Oracle has released critical updates for its Java SE and Java for Business technologies to address numerous remote code execution vulnerabilities and other security issues.

The vendor has provided JDK (Java Development Kit) and JRE (Java Runtime Environment) 6 Update 22 for Windows, Solaris, and Linux for both Java SE and Java for Business.

The updates fix a total number of 29 vulnerabilities in various Java components, of which 28 can be exploited remotely without the need of authentication.

In addition, 15 of them scored 10.0 (maximum) on the Common Vulnerability Scoring System (CVSS) v2 scale, because they have a low access complexity and result in complete compromise of confidentiality, integrity and availability.

Read More ...

SECUNIA ADVISORY ID: SA41740

VERIFY ADVISORY: Secunia.com - http://secunia.com/advisories/41740/

CRITICALITY: Highly Critical

DESCRIPTION: Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions or conduct spoofing and cross-site scripting attacks. The vulnerabilities are reported in versions prior to 10.63.
 Read More...

Southern writes:  

This page provides information about identifying, removing, and preventing badware on your website. It does not cover every situation, only the most common cases that we see at StopBadware. Some cases may require further assistance from security professional. You may also find additional information and volunteer assistance in our online community. We provide this advice as-is and cannot guarantee the results of following it. Like you, we do the best we can.

More: StopBadware

Southern writes:  

Several high-profile hacks over the past year including those at Heartland, Hannaford Bros., and 7-11, all have had one thing in common: they were launched with a SQL injection attack.

Cross-site scripting (XSS) had been the king of Web attack techniques for some time, and for good reason -- the ability to steal user credentials, hijack active Web sessions and take action on behalf of a user without their knowledge is particularly nasty. But the classic SQL injection attack has regained the lead as the most popular of Web attacks. Most of all reported Web breaches the first half of this year, according to the new Web Hacking Incidents Database (WHID) report, were conducted via SQL injection. And SQL injection is one of the most common vulnerabilities in Web applications today.

SQL injection attacks take advantage of an application not validating input (like on Twitter and Facebook), or input into a form, such as a site search. The user's input is then incorrectly executed by the backend database server and can have a myriad of results. The simplest example is entering a single quote (') into a search field or login form, and receiving an error message that the SQL query failed.

The attack basically lets the bad guy take an ordinary input field and abuse it in ways that allows him to bypass authentication into the Website, manipulate the database to disclose large amounts of data, or access and control the database server itself.

More: Dark Reading