Oracle Security Slowness

Zero-day details underscore criticism of Oracle
Article about the slowness with which Oracle is patching its software. Given the fact that many companies will be using Oracle software to store a lot of their critical information, it's quite worrying that they can take over 2 years to deploy a fix for a bug.
We've seen, with the current worm/botnet problems, a trend for security exploits to be part of professional criminal activities. So I wonder what the likelihood is that there are Blackhats actively working on finding database flaws... I'd say reasonably likely, with that likelihood increasing over time.
So if we assume that, then we can assume that they'll be finding the same things that security researchers have been finding and notifying Oracle of, at which point it becomes pretty worrying that Oracle are so unresponsive in terms of patching these flaws...

Blog Worm....

Although my paranoia does make me worry as to whether there are any potential downsides to this, it's too funny to pass up

Blog.Worm

UPDATE : now edited to use a non-updating version, in case of malicious alteration of source... for more info. see link here

Web 2.0

The Best Web 2.0 Software of 2005 (web2.wsj2.com)
Some interesting information on web 2.0 sites.

Good Guide for Home user Internet Security

A Brief Guide to a Painless Internet Experience
A good guide with recommendations for home user security software. Also chimes in with the setup I tend to use when setting up PCs for people...

Analysis of a host file hijack

Sunbelt BLOG: Anatomy of a malicious host file hijack
A good analysis of a current host file hijacking trojan. A couple of points I thought were really significant were the quality of the fake website and the range of hosts attacked.
It really shows significant efforts are being put into this if someone's producing that number of fake sites, and I'd imagine if the server they're currently on is taken down the setup of another will be relatively easy, making it easy to redeploy this attack.
Realistically, if a usual end-user got this, there's almost no way they could detect the forgery (although it doesn't mention whether the SSL cert. is faked well).
Also worryingly, there's a list of A-V programs at the bottom of the post, several of which don't currently detect this trojan...

Vulnerability management article

Five mistakes of vulnerability management - Computerworld
Interesting article with some sensible points on Vulnerability management...

Choosing a Wiki

I was looking for a decent way to choose a wiki the other day and came across wiki matrix. Very handy, as it lets you compare several wikis by a variety of criteria.

Something to do, 'cause all the cool kids are.

Well, I've picked up a new thing to learn about...
Ruby and Ruby on Rails (RoR), so here's some info. that I've found so far
Start here - cool article on Rails http://www.onlamp.com/pub/a/onlamp/2005/01/20/rails.html
Rails Site - http://www.rubyonrails.org/
Ruby links
http://www.ruby-lang.org/en/
http://www.rubygarden.org/ruby - Ruby Garden Wiki
Ruby Eclipse Plug-in
http://www-128.ibm.com/developerworks/opensource/library/os-rubyeclipse/?ca=dgr-lnxw07Ruby4Eclipse
http://rubyeclipse.sourceforge.net/
A handy Ruby on Rails cheat sheet

cool tool for bypassing Windows lock-down

Mark's Sysinternals Blog: Circumventing Group Policy as a Limited User
Excellent post from the Sysinternals blog about how Windows enforces certain restrictions using group policy and a relatively easy way to bypass them in most circumstances.

search for a music player... over?

I've been looking for a good music player/jukebox for a while and, hopefully, I've found one which meets all the criteria!
* plays OGG files
* has a jukebox/library feature which reads tags (without crashing!)
* cross-platform, preferably
Looks like zinf's my man.