CESA-2014:1653 Moderate CentOS 5 openssl Security Update

CentOS Errata and Security Advisory 2014:1653 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1653.html

The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum  Filename):




What does the future hold for women in Tech

Enormous untapped investment opportunity exists for venture capitalists smart enough to look at the numbers and fund women entrepreneurs

Prof. Candida Brush


As you may have gleaned from my columns and history as a woman entrepreneur in tech, I’m a huge supporter of getting more women into the field.  Indeed, I feel that women bring a unique perspective to tech, business, investing and leadership.

For many of us in the tech field, it was disappointing to hear the comments of Microsoft’s new CEO Satya Nadella when he was asked last week, at a preeminent women’s tech conference, for his advice to women interested in advancing their careers – specifically on getting a pay raise. In an interview at the “Grace Hopper Celebration of Women in Computing” event, which you can read an account of here, he appeared to suggest that women should be quiet and wait until the system works. The comments, which produced an immediate backlash, led Nadella to respond on Twitter to clarify his position: that he had been inarticulate, and wrong.

Unfortunately, pay parity remains an enormous hurdle for women. As I addressed in my column on Labor Day, it’s the 77% rule (women earn 77 cents for every dollar earned by a man in the U.S.).  And while Silicon Valley has been kinder in pay parity (when job parity exists), as other recent Silicon Valley research has pointed out, there also seems to be a 30% rule when it comes to women getting tech jobs.

Certainly, more work lies ahead to change these numbers and the mindset that encourages them.

But I also was struck recently by some encouraging findings in a comprehensive new survey on venture capital funding for women entrepreneurs by Babson College in the U.S. – which points to why there should be more women entrepreneurs.

The report found a narrowing but still significant gender gap in venture capital–funded businesses: early-stage investment in companies with a woman on the executive team has tripled to 15% from 5% in the last 15 years. Despite this positive trend, 85 percent of all venture capital–funded businesses have no women on the executive team – and only 2.7% of VC-funded companies had a woman CEO.

But the report also contained this jewel: Companies with women on the executive team perform better! The study found that companies with a woman on the executive team are more likely to have higher valuations at both first and last funding (64 percent higher and 49 percent higher, respectively).

Called the Women Entrepreneurs 2014: Bridging the Gender Gap in Venture Capital, the study was conducted by Brush and fellow professors leading the Diana Project, a forward-thinking program founded in 1996 to research women-led businesses globally. The report provides the first comprehensive analysis of U.S. venture capital investments in women entrepreneurs in 15 years.

The study analyzed 6,793 unique companies in the United States that received venture capital funding between 2011 and 2013. You can read the executive summary here. The report findings and recommendations were shared on September 30 at an event presented by Babson’s Center for Women’s Entrepreneurial Leadership in partnership with the EY Entrepreneurial Winning Women Program.

Babson professor Brush noted in the report, “Only a small portion of early-stage investment is going to women entrepreneurs, yet our data suggest that venture capital–funded businesses with women on the executive team perform better on multiple dimensions. The venture capital community, therefore, may be missing good investment opportunities by not investing in women entrepreneurs.”

However, another key finding of the report, and one less encouraging, was that the number of women decision-makers in the VC community has dropped since 1999 – from 10% to 6%.

Among the Babson report’s recommendations to change the paradigm: showcase the success of growth-oriented, venture-funded women entrepreneurs. I agree. There certainly have been a number of successful women VCs and angel investors in the past 15 years. Long-time angel investor Esther Dyson, VC partners Heidi Roizen of Draper Fisher Jurvetson and Ann Winblad of Hummer Winblad, and more recently Margit Wennmachers of Andreessen Horowitz, are a few that come to mind.

I think the opportunities are there for women, but that there can certainly be more, a fact borne out by this study. Perhaps the silver lining is that companies and VCs not motivated by a sense of fair play will be inclined toward inclusion by a mercenary motive – closer scrutiny of women leaders’ financial performance.

There is a huge opportunity here for people who can think outside the common dichotomy of man/CEO; man/VC; woman/somewhere else. I just look at this and think about what we are missing by not navigating outside an outdated business paradigm!


On another note: I’m extremely proud to be a judge for The Pitch 2014, the small business competition in the UK. AVG is a lead sponsor and mentor for the event that concludes next week in Bristol on Oct. 23.

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

Core Security Technologies Advisory – A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the “Standalone Enqueue Server” service, part of SAP Netweaver Application Server ABAP/Java. The “Standalone Enqueue Server” is a critical component of an SAP Netweaver installation in terms of availability, so taking it down renders the whole SAP system unresponsive.

Ebola Phishing Scams and Malware Campaigns

Original release date: October 16, 2014

US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:



What is the POODLE Vulnerability?

The vulnerability relates to version 3 of an encryption technology known as SSL (Secure Sockets Layer) that dates back to 1996. SSLv3 is still supported by most browsers and web servers on the Internet, but it has been replaced as the default encryption selection by a newer technology known as TLS (Transport Layer Security). Encryption is used to secure our connections on the Internet when we do, for example, online banking or purchase online.

When a browser connects to a web server that supports this older technology, there is a risk that an attacker could exploit this vulnerability if SSLv3 is the primary encryption, or if the connection security falls back from the newer TLS technology to SSLv3. While it is unusual for websites to still use SSLv3 as the default encryption technology, it is possible for an attacker to cause connection failures that force a fallback to the older, insecure technology. By exploiting this vulnerability, an attacker could gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website.

Companies have kept this old technology on their servers to ensure backward compatibility if needed. The two main options for companies to fix this vulnerability are to disable SSLv3 entirely, or to change the security downgrade (fallback) behaviour so that a downgrade to SSLv3 is refused and only the newer TLS encryption is used, keeping users safe.
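The downgrade path described above and the two fixes (SSLv3 disabled outright, or a fallback retry signalled with TLS_FALLBACK_SCSV and refused by the server), as an added model that is not part of AVG’s post; `Server`, `negotiate` and the attacker who simply makes higher-version handshakes fail are constructed abstractions, not a real TLS implementation.

```python
# Added model of the POODLE downgrade path and of the TLS_FALLBACK_SCSV fix
# (RFC 7507). Constructed example: no network I/O and no real TLS records;
# the "attacker" simply makes handshakes above a chosen version fail.

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600   # signalling cipher suite value defined by RFC 7507
AES128_SHA = 0x002F          # an ordinary cipher suite, for illustration only


class Server:
    """Server policy: supported version range and whether it honours the SCSV."""

    def __init__(self, max_version=TLS12, min_version=SSL3, honors_scsv=False):
        self.max_version = max_version
        self.min_version = min_version
        self.honors_scsv = honors_scsv

    def client_hello(self, version, cipher_suites):
        if version < self.min_version:            # e.g. SSLv3 disabled outright
            return "alert", "protocol_version"
        if (self.honors_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and version < self.max_version):
            # Client flags a fallback retry, yet we support better: refuse it.
            return "alert", "inappropriate_fallback"
        return "ok", min(version, self.max_version)


def negotiate(server, client_max=TLS12, attacker_blocks_above=None, send_scsv=True):
    """Browser-style fallback dance: on a connection failure retry one version
    lower, adding TLS_FALLBACK_SCSV to retries when send_scsv is True.
    Returns the negotiated version, or None when the connection fails."""
    version = client_max
    while version >= SSL3:
        suites = [AES128_SHA]
        if send_scsv and version < client_max:
            suites.append(TLS_FALLBACK_SCSV)
        if attacker_blocks_above is not None and version > attacker_blocks_above:
            version -= 1                          # handshake "timed out": fall back
            continue
        status, detail = server.client_hello(version, suites)
        return detail if status == "ok" else None  # a fatal alert ends the attempt
    return None


def poodle_exposed(negotiated):
    """POODLE needs an SSLv3 session; anything higher (or no session) is safe."""
    return negotiated == SSL3
```

A server that has simply disabled SSLv3 fails the forced-down connection instead of exposing it; one that honours TLS_FALLBACK_SCSV does the same while still serving genuinely old clients at their real maximum version.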

As we have seen with previous vulnerabilities, it takes companies time to upgrade, or in this case to disable, the software that is causing the issue (SSLv3 support) on both the server and browser sides. 72 hours after the disclosure of the vulnerability, AVG researchers found that 37% of the top 100,000 domains were still vulnerable.

Staying safe:

Although web users can’t take any direct action to stay safe from POODLE, it is always good practice to keep all their systems and software updated.

For Windows users, run Windows Update to ensure you have installed all of the latest security patches. For Apple Mac users, ensure you run the Mac App Store and update to the latest security patches for your system.

By keeping your browser, operating system and security software up to date, you will ensure you have the best chance of avoiding malware and web-based vulnerabilities.