News

• Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

  Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.

• Highly critical vulnerability fixed in Nginx Web server software

  The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers.

• IBM makes big mobile push with MobileFirst

  IBM is making a renewed push into the burgeoning market for all things mobile, saying it can help its corporate customers grow revenue and become more competitive through mobile app development.

• Web server hackers install rogue Apache modules and SSH backdoors, researchers say

  A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users.

• Top 10 tech stories of 2012: a busted IPO, spotlight on workers, titans in transition

  Change in any industry involves conflict. Evolution and revolution in tech this year took place not only in the marketplace but also in the courtroom, the factory, and on the Web. Here are the top news stories of 2012 as selected by the editors of the IDG News Service.

• Unprotected Apache server status pages put popular websites at risk

  Many Apache Web servers, including those hosting some popular websites, expose information about the internal structure of the sites they host, the IP (Internet Protocol) addresses of their visitors, the resources users access and other potentially sensitive details because their status pages are left unprotected.

• Unpatched Apache reverse proxy flaw allows access to internal network

  A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly.

• HTML versioning eliminated

  The working group for HTML has done away with version numbers for the Web page rendering standard.

• Oracle burnishes its Lustre

  While a number of small companies have been ramping up support for a file system called Lustre that Oracle acquired in its Sun Microsystems purchase earlier this year, Oracle itself has no plans to abandon the technology, a company executive told the IDG News Service in an interview.

• Can Oracle pull off Sun portals merger without a hitch?

  Oracle is preparing to launch a major migration of portals that serve customers and technologies gained through its acquisition of Sun Microsystems.

• Taiwanese companies join on cloud computing for Asia

  Taiwan's biggest telecommunications company, Chunghwa Telecom, signed an agreement Monday with the world's largest contract laptop maker to jointly develop cloud computing software, services and hardware products aimed at markets in Asia.

• Apache mulls end of 1.3, 2.0 releases

  The Apache Software Foundation (ASF) may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series.

• Web server attacks, poor app patching make for lethal mix

  A dangerous combination of a massive increase in Web server attacks and poor patching practices is a major cause of concern for experts, according to a report issued today by several security organizations.

• Facebook releases real-time Web server tech as open source

  Facebook is releasing as open source a Web server technology because it wants to make it easier for developers to create applications that let users post status updates in real time, a functionality popularized by Twitter.