Excerpted from http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

Source: http://kb2.adobe.com/cps/907/cpsid_90784.html

TOPIC DESCRIPTION: (provided by the speaker)

jQuery is everywhere. It’s a JavaScript framework, it’s an application development framework, and now it’s a mobile framework. Built around the rules of progressive enhancement jQuery Mobile is a mobile application framework for the next version of mobile optimized websites. In this session Andy will discuss background research done by the jQuery Mobile team, concepts used in the development of jQuery Mobile, and of course lots of code and demos. If you’re on the fence about whether to use jQuery Mobile, this session will answer all your questions.

MEETING URL: http://experts.acrobat.com/cfmeetup/
DURATION: Approx. 1 hour
Meeting will be recorded. URL will be posted after meeting at recordings.coldfusionmeetup.com

SPEAKER: (provided by the speaker)

I have been working as a web and application developer for 12 years, with experience in a wide range of industries, and a skillset which includes graphic design, programming, business strategy and planning, and marketing. Throughout my career I have been privileged to work on projects which interfaced with industry giants such as Craigslist, written code that allowed Enterprise level sales teams to quickly and efficiently build presentations for their clients, and stayed current on trends in the marketplace by helping previous employers transition to newer, more effective, coding habits and standards. I have received certifications, spoken to users at conferences around the country, and developed software for the open source community.

WHEN: Thurs. Apr 28, 6:00pm US ET (UTC/GMT-4)

What time is that for you? The following link shows . Here’s that shows the time as US ET, and lets you choose your city from the list offered to see what time that is in your own timezone.

RECORDING: As always, the meeting will be recorded, and the recording URL will be posted after the meeting at http://recordings.coldfusionmeetup.com.

DOWNLOADABLE RECORDINGS:
In addition to the streaming recording posted immediately after the meeting, we now also post downloadable recordings (FLV, MP3, MP4, and WMV) usually within a few days after the meeting, also offered as a link from the recordings page.

LOGGING IN: When you login to the Connect room (the experts.acrobat.com/cfmeetup link above) to view the meeting, PLEASE USE THE “LOGIN AS GUEST” option, and USE YOUR NAME, but do NOT attempt to use your meetup.com username/password or any Connect account. Just sign in as a guest.

RSVP, but only if coming: We do appreciate folks RSVPing if they plan to come (using the link on this email or at the meetup site), though it’s not mandatory and it’s not a commitment. But there’s no need to RSVP if you can’t make it let alone explain why you can’t. With over 2,400 members, no worries.

FEEDBACK/MEETING DISCUSSION: Members will receive an email after the meeting or can click a link on the event page to offer. Note also the meeting-specific discussion area there at the bottom, in addition to the one-chance feedback feature on the right. Feel free to engage in discussions about the meeting topic.

ADD THIS TO YOUR CALENDAR: Want to add this event to your own personal calendar? After logging in here, you’ll see an option at the top of the event page, just below the event title, saying, “Add to my calendar”, which offers calendar downloads for Outlook, iCal, Google, and Yahoo calendars. (Note that the calendar entry created will show the event taking 2 hours. That’s a default that meetup.com has chosen, which I can’t change. The meetings are generally about an hour, though often go as much as 30-45 minutes longer with Q&A and chat.)

Adobe recommends updating the Java (JDK/JRE) for all ColdFusion server versions as per Oracle’s Java update instructions. Information about the security vulnerability along with the fix is provided at the following link.

Oracle just released a Security Alert with a fix for the vulnerability CVE-2010-4476, which affects Oracle Java SE and Oracle Java For Business. This vulnerability is present in Java running on servers as well as standalone Java desktop applications. Its successful exploitation by a malicious attacker can result in a complete denial of service for the affected servers.

Read the full articles on Adobe’s and Oracle’s sites.

TOPIC DESCRIPTION: (provided by the speaker)

During this session you will see how to restrict search results and hide records based on the security or authorization level of the people using your application(s). The method is simple to implement and very user friendly.

MEETING URL: http://experts.acrobat.com/cfmeetup/
DURATION: Approx. 1 hour
Meeting will be recorded. URL will be posted after meeting athttp://recordings.coldfusionmeetup.com

SPEAKER: (provided by the speaker)

Jim Harris is a retired U.S. Army Signal Corps veteran who has been using ColdFusion to create dynamic web applications since the mid ’80s.  He holds a Masters Degree in Computer Science from Duke University. He is currently employed by LT Online Corporation out of Long Island NY as their Vice President of Application Development. Jim’s website is CF-ToolBox.com.

WHEN: Thurs. Mar 17, 12:00pm US ET (UTC/GMT-5)

What time is that for you? The following link shows [what the time would be for you]. Here’s [another option] that shows the time as US ET, and lets you choose your city from the list offered to see what time that is in your own timezone.

RECORDING: As always, the meeting will be recorded, and the recording URL will be posted after the meeting athttp://recordings.coldfusionmeetup.com.

PODCAST/DOWNLOADABLE RECORDINGS:
In addition to the streaming recording posted immediately after the meeting, we now also post downloadable recordings (FLV, MP3, and MP4) usually within a few days after the meeting, also offered as a link from the recordings page.

LOGGING IN: When you login to the Connect room (the experts.acrobat.com/cfmeetup link above) to view the meeting, PLEASE USE THE “LOGIN AS GUEST” option, and USE YOUR NAME, but do NOT attempt to use your meetup.com username/password or any Connect account. Just sign in as a guest.

RSVP, but only if coming: We do appreciate folks RSVPing if they plan to come (using the link on this email or at the meetup site), though it’s not mandatory and it’s not a commitment. But there’sno need to RSVP if you can’t make it let alone explain why you can’t. With over 2,400 members, no worries.

FEEDBACK/MEETING DISCUSSION: Members will receive an email after the meeting or can click a link on the event page to offer. Note also the meeting-specific discussion area there at the bottom, in addition to the one-chance feedback feature on the right. Feel free to engage in discussions about the meeting topic.

ADD THIS TO YOUR CALENDAR: Want to add this event to your own personal calendar? After logging in here, you’ll see an option at the top of the event page, just below the event title, saying, “Add to my calendar”, which offers calendar downloads for Outlook, iCal, Google, and Yahoo calendars.

TOPIC DESCRIPTION: (provided by the speaker)

During this session you will see a code set that examines incoming data for specific commands hackers use to plant malicious code and how to strip those commands. The demonstration will also show you a method by which you can quickly safeguard against new hack commands without distributing new templates.

MEETING URL: http://experts.acrobat.com/cfmeetup/
DURATION: Approx. 1 hour
Meeting will be recorded. URL will be posted after meeting athttp://recordings.coldfusionmeetup.com

SPEAKER: (provided by the speaker)

Jim Harris is a retired U.S. Army Signal Corps veteran who has been using ColdFusion to create dynamic web applications since the mid ’80s.  He holds a Masters Degree in Computer Science from Duke University. He is currently employed by LT Online Corporation out of Long Island NY as their Vice President of Application Development. Jim’s website is CF-ToolBox.com.

WHEN: Thurs. Mar 10, 12:00pm US ET (UTC/GMT-5)

What time is that for you? The following link shows [what the time would be for you]. Here’s [another option] that shows the time as US ET, and lets you choose your city from the list offered to see what time that is in your own timezone.

RECORDING: As always, the meeting will be recorded, and the recording URL will be posted after the meeting athttp://recordings.coldfusionmeetup.com.

PODCAST/DOWNLOADABLE RECORDINGS:
In addition to the streaming recording posted immediately after the meeting, we now also post downloadable recordings (FLV, MP3, and MP4) usually within a few days after the meeting, also offered as a link from the recordings page.

LOGGING IN: When you login to the Connect room (the experts.acrobat.com/cfmeetup link above) to view the meeting, PLEASE USE THE “LOGIN AS GUEST” option, and USE YOUR NAME, but do NOT attempt to use your meetup.com username/password or any Connect account. Just sign in as a guest.

RSVP, but only if coming: We do appreciate folks RSVPing if they plan to come (using the link on this email or at the meetup site), though it’s not mandatory and it’s not a commitment. But there’sno need to RSVP if you can’t make it let alone explain why you can’t. With over 2,400 members, no worries.

FEEDBACK/MEETING DISCUSSION: Members will receive an email after the meeting or can click a link on the event page to offer. Note also the meeting-specific discussion area there at the bottom, in addition to the one-chance feedback feature on the right. Feel free to engage in discussions about the meeting topic.

ADD THIS TO YOUR CALENDAR: Want to add this event to your own personal calendar? After logging in here, you’ll see an option at the top of the event page, just below the event title, saying, “Add to my calendar”, which offers calendar downloads for Outlook, iCal, Google, and Yahoo calendars.

Take look at this video from PBS. This is program about a touch-table. (It’s Google-Earth on steroids!!!!) About half way in the video it shows Iran’s nuclear facility and does an interesting thing.
It moves the satellite pictures as a function of time in years and lets you see what has really has been happening there!
And what they “hid” or thought they “hid” underground!

Here is the link.

.

http://kb2.adobe.com/cps/862/cpsid_86263.html

The ColdFusion directory traversal vulnerability has been classified by Adobe as important rather than critical, and I agree with A.P. (Adrian P. of GnuCitizen) that this is a mistake.  Here’s why I think this is a big mistake … on top of the excellent analysis Adrian has already done (check his excellent post here) I think it’s relevent to do a little digging yourself to understand the full scope of the potential problem.

This post is worth reading.

Here is the link.

Adobe ColdFusion is a easy to use and very widely adopted Programming language, Procheckup has discovered that the ColdFusion admin console (and various programs within) are vulnerable to multiple directory traversal attacks related to a input parameter. No authentication is needed; all that is needed is that the admin console is accessible to the Internet.
Notes: Tested on ColdFusion enterprise version7.0 amd version 8.01 running on Windows XP, and Windows 2003 R2 SP2 server and mapped to IIS 6.
Defaults were chosen with “server contained installation” “like the earlier versions”, and all subcomponents.
ColdFusion 9 provides an additional layer of filtering to prevent common attacks, preventing the below attack from working. Procheckup recommends however ColdFusion 9 users to apply the ColdFusion 9 patches as Procheckup have found the filtering can be bypassed.

Versions tested and found vulnerable
ColdFusion MX7 7,0,0,91690 base patches
ColdFusion MX8 8,0,1,195765 base patches
ColdFusion MX8 8,0,1,195765 with Hotfix4

(http://seclists.org/fulldisclosure/2010/Aug/att-127/PR10-07-nes.txt)

Hotfix available for ColdFusion  (APSB10-18)

Apply patches as described below, or restrict access to /CIDE/administrator/ by IP address or other similar controls.

See http://www.adobe.com/support/security/bulletins/apsb10-18.html