JSP continues fast growth, on a surprisingly diverse set of operating systems. JSP has enjoyed fast growth over the last year, but on a very different set of operating system platforms than one might expect. [Netcraft]

Not surprising. I wanted to develop the second version of Patilla.com with JSP and free it from the IIS/Windows server that ASP had condemn us to. There was no money then (at the end there was no money for me either, but the company survived). JSP is the right language for complex applications on a web page.

6:46:08 PM  What do you think? ( Thoughts) Who linked? []   

Waiting for the Worms The hole's been announced, the patch has been released. Now there's nothing to do but wait for the worm to come and wreak its ugly havoc.
By Tim Mullen

"Sitting in a bunker, here behind my wall, waiting for the worms to come. In perfect isolation, here behind my wall, waiting for the worms to come."

Strangely apropos, this Pink Floyd lyric reflects the current mindset of many security-folk given the latest announcement of a critical vulnerability in most Microsoft Windows operating systems.

Yes, servers should be behind a firewall. Yes, routers should have ACLs that only allow needed ports to reach the firewall. But Trusted Computing cannot mean "trusted if behind a firewall." It must mean that default services on products designed to provide Internet services are free of buffer overflows. This goes for all manufactures of products sold under the "Internet Services" bill.

As a security person, I get paid to be accurate. In this case, I hope I'm wrong -- but I hope I'm wrong for the right reason. In six months we can sit back and say, "see, I told you so," while others put in 20-hour-a-day weekends cleaning up Mescaline. Or we can be proactive and get the word out as security evangelists: patch and protect your systems, practice least privilege and implement security in depth.

[Via Scobble]

Lots of well reasoned gems in this article...

12:45:37 PM  What do you think? ( Thoughts) Who linked? []   

Cracking Windows passwords in seconds. Researchers outline a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds. [CNET News.com]

And this is the system that the Homeland Security Department uses... Do y'all feel safe now? Let me repeat that in case you don't understand a malicious intruder will need only a few minutes with the password files to get hundreds of your passwords. In Unix (including Linux) the attack is 4000 times slower... 4000!

8:15:31 AM  What do you think? ( Thoughts) Who linked? []