Oracle Poodle BugIT SECURITY

POODLE BUG: Poodle Bug Marks Third Major Security Flaw Discovered This Year. First there was Heartbleed, then Shellshock, and now Poodle, yet another serious security vulnerability in yet another widely used piece of software that went unnoticed for years. This time, the Poodle vulnerability — which stands for Padding Oracle On Downloaded Legacy Encryption — was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, is the technology that encrypts a user’s browsing session, making it difficult for anyone using the public Wi-Fi at Starbucks, for instance, to eavesdrop. The Poodle bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking, or social networking account. Read more
[BITS.BLOG.NYTIMES.COM]

JAVA: Java Reflection API Woes Resurface in Latest Oracle Patches. Problems with the maligned Java
Reflection API, the molten core of far too many exploited Java vulnerabilities in 2013, have surfaced again. Read now
[THREATPOST.COM]

DETECTING USER THREATS: Using Logs to Detect User-Based Threats. A common theme at the Splunk user conference is the idea that the users are the greatest threat. Even in a well-regulated enterprise where no one has more privileges than what’s needed to do their job, a typical user has more than enough ability to steal massive amounts of data or cause widespread problems. Read more
[INFOQ.COM]

PRIVACY: ‘Fingerprinting’ tool challenges privacy safeguards for federal websites. A recently discovered tool for tracking computer identities could threaten the privacy of visitors to thousands of popular websites, including dozens of federal sites. Read more
[FCW.COM]

FEDERAL GOVERNMENT

GSA: Feds Buy Back USASpending.gov Website After Contractor Bankruptcy. The government procured its own spending transparency website and the primary data system behind it on the same day last month the contract to manage the systems was set to expire, new documents show. Read more
[NEXTGOV.COM]

DOE: DOE, Google back quantum computing research. The Department of Energy is investing in a project to speed the development of unhackable quantum encryption technology that will protect the country’s power grid from cyberattack. Read more
[GCN.COM]

OPM: Obama to Federal Agencies: Hire More Unemployed People, Debtors. President Obama wants to help unemployed Americans find jobs, and he wants to ensure federal agencies are open to hiring them. Read more
[GOVEXEC.COM]

ELECTRONIC DOCUMENT MANAGEMENT

PAPERLESS GOVERNMENT: Why Go Paperless – Why ECM is Essential Technology for Local Government. One of the hottest technology topics in government is the idea of creating a paperless government. It is definitely on the minds of government leaders. Here’s some statistics to consider. Read more
[GOVLOOP.COM]

==========

APPLICATION DEVELOPMENT: Blue Mountain is dedicated to Applications and Systems Integration, Electronic Document Management Systems and the Automation of Workflow Processes. Call us at 703-502-3416.

==========

ATTN: Federal & State CTOs CIOs CISOs: Daily Tech Update – October 16, 2014

Leave a Reply