Archives
-
Google Chrome Releases
The Google Chrome team is pleased to announce the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13 contains some exciting new features like Instant Pages prerendering technology. To find out about other new features, check out the Official Chrome Blog. Excerpted from http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
Aug 3rd, 2011 | Filed under Security | Tags: Google Chrome, Security
-
ColdFusion Security Hotfix | APSB11-14, APSB11-15
ColdFusion 9.0.1, ColdFusion 9, ColdFusion 8.0.1, and ColdFusion 8 are affected by the vulnerabilities described in security bulletins APSB11-14 and APSB11-15. This TechNote provides fixes for the security issues mentioned in both bulletins, along with installation instructions. Source: http://kb2.adobe.com/cps/907/cpsid_90784.html
Jul 20th, 2011 | Filed under ColdFusion, Security
-
ColdFusion MeetUp: Using jQuery Mobile for your Next Web Application, with Andy Matthews
Our 6pm (US ET) talk on Thursday Apr 28 will be part two of two in the day from different speakers, but both on jQuery Mobile. Second up at 6pm will be “Using jQuery Mobile for your Next Web Application”, with Andy Matthews. At noon Ray Camden will have offered a preliminary talk (details in [...]
-
ColdFusion 8 & 9 Included on Oracle Security Alert CVE-2010-4476
The Oracle Security Alert CVE-2010-4476 affects ColdFusion versions 9.0.1, 9.0, 8.0.1, and 8.0. Adobe recommends updating the Java (JDK/JRE) for all ColdFusion server versions as per Oracle’s Java update instructions. Information about the security vulnerability along with the fix is provided at the following link. Oracle just released a Security Alert with a fix for the [...]
-
MeetUp Security: Hiding Info. from Individuals Not Authorized To See It w/ Jim Harris
Our 12pm (US ET) talk on Thursday Mar 17 will be “Security: Hiding Information from Individuals Not Authorized To See It”, with Jim Harris. TOPIC DESCRIPTION: (provided by the speaker) During this session you will see how to restrict search results and hide records based on the security or authorization level of the people using your [...]
-
MeetUp Security: Wash Your Incoming Data using ColdFusion, with Jim Harris
Our 12pm (US ET) talk on Thursday Mar 10 will be “Security: Wash Your Incoming Data using ColdFusion”, with Jim Harris. TOPIC DESCRIPTION: (provided by the speaker) During this session you will see a code set that examines incoming data for specific commands hackers use to plant malicious code and how to strip those commands. The [...]
-
Touchable – Not ColdFusion
Take a look at this video from PBS. This is a program about a touch-table. (It’s Google-Earth on steroids!!!!) About halfway through the video it shows Iran’s nuclear facility and does an interesting thing. It moves the satellite pictures as a function of time in years and lets you see what has really been happening there! And [...]
Jan 29th, 2011 | Filed under Security, Technology
-
Cumulative Hotfix 1 (CHF1) for ColdFusion 9.0.1
For those who haven’t installed the latest hotfix for ColdFusion 9.0.1 from Adobe, here is the link: http://kb2.adobe.com/cps/862/cpsid_86263.html
Sep 1st, 2010 | Filed under ColdFusion, Security
-
Adobe ColdFusion's Directory Traversal Disaster
The ColdFusion directory traversal vulnerability has been classified by Adobe as important rather than critical, and I agree with A.P. (Adrian P. of GnuCitizen) that this is a mistake. Here’s why I think this is a big mistake … on top of the excellent analysis Adrian has already done (check his excellent post here) I [...]
Aug 16th, 2010 | Filed under ColdFusion, Security
-
Unauthenticated File Retrieval (traversal) within ColdFusion Administration Console
Adobe ColdFusion is an easy-to-use and very widely adopted programming language. Procheckup has discovered that the ColdFusion admin console (and various programs within) are vulnerable to multiple directory traversal attacks related to an input parameter. No authentication is needed; all that is needed is that the admin console is accessible to the Internet. [...]
Aug 11th, 2010 | Filed under ColdFusion, Security