Re: Security Hole - NetCloak Update

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18858
interpreted = N
texte = Here is the message being posted to the NetCloak listserv. We'll also post it to WebStar-Talk today, with a follow up message going out once we're completely confident 2.5.4 addresses every aspect of the problem.------------------------------------------------------------------A potentially serious security problem has been identified in NetCloak 2.5.3 and earlier versions. This problem was brought to our attention last night, and has been initially addressed by an update, version 2.5.4 F1, which is available now. Because of the seriousness of the problem, we are releasing this update immediately as a Final Candidate with full release testing to come over the next week. Once the user(s) that identified the problem are satisfied that the hole has been completely removed, and our own testing shows that no new problems have been created, the Final Candidate designation will be removed and 2.5.4 will officially ship.At this time, additional information on the security hole can not be given, because the information could potentially be used against Web sites that have not performed the 2.5.4 update. The problem clearly lies with NetCloak, and is serious enough that all NetCloak users with secure content on their servers should install the update immediately. While the hole has existed for some time without any known break-ins, the potential risk is substantial and should be taken very seriously by all NetCloak users.------------------------------------------------------------------Again, thanks to those who, with a level head, pointed out this problem and helped us fix this hole.John------------------------------------------------------ John O'Fallon john@maxum.com Maxum Development http://www.maxum.com/ More velcro... We need more velcro! ------------------------------------------------------ Associated Messages, from the most recent to the oldest:

    
  1. Re: Security Hole - NetCloak Update (Paul Uttermohlen 1998)
  2. Re: Security Hole - NetCloak Update (Peter Ostry 1998)
  3. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
  4. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
  5. Re: Security Hole - NetCloak Update (Charles Kefauver 1998)
  6. Re: Security Hole - NetCloak Update (Paul Uttermohlen 1998)
  7. Re: Security Hole - NetCloak Update (John O'Fallon 1998)
Here is the message being posted to the NetCloak listserv. We'll also post it to WebStar-Talk today, with a follow up message going out once we're completely confident 2.5.4 addresses every aspect of the problem.------------------------------------------------------------------A potentially serious security problem has been identified in NetCloak 2.5.3 and earlier versions. This problem was brought to our attention last night, and has been initially addressed by an update, version 2.5.4 F1, which is available now. Because of the seriousness of the problem, we are releasing this update immediately as a Final Candidate with full release testing to come over the next week. Once the user(s) that identified the problem are satisfied that the hole has been completely removed, and our own testing shows that no new problems have been created, the Final Candidate designation will be removed and 2.5.4 will officially ship.At this time, additional information on the security hole can not be given, because the information could potentially be used against Web sites that have not performed the 2.5.4 update. The problem clearly lies with NetCloak, and is serious enough that all NetCloak users with secure content on their servers should install the update immediately. While the hole has existed for some time without any known break-ins, the potential risk is substantial and should be taken very seriously by all NetCloak users.------------------------------------------------------------------Again, thanks to those who, with a level head, pointed out this problem and helped us fix this hole.John------------------------------------------------------ John O'Fallon john@maxum.com Maxum Development http://www.maxum.com/ More velcro... We need more velcro! ------------------------------------------------------ John O'Fallon

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Avery Label PDF Template (2003) TCPconnect to DNS (2000) Text in coloums... (2000) Word Breaks (1998) Request for help on a new *automated* WebCatalog function ... (1998) wc 2 pro users - sites, quotes wanted (1997) form data submission gets truncated (1997) Using [Showif] tag. Mac (1997) Displaying photo attached to first record (1997) Not carrying Zero (2000) Special characters in field names (1998) Menu to select product variations (1997) Understanding texta (1997) Directory Traversal (2007) Auto SKU's (2000) Suggestions on best way to work with yyyy/mm/dd (1997) Server slowing down. (1997) searchable list archive (1997) Sendmail strangie (2002) Electronic Delivery (1997)