Kerberos Critical Security Patch

Microsoft released a critical out of cycle patch yesterday (https://technet.microsoft.com/en-us/library/security/MS14-068). The security vulnerability affects Microsoft Windows Kerberos KDCs, allowing remote attackers to elevate unprivileged domain user account privileges to those of the domain administrator account.
We are notifying you of this, as some of our clients use Kerberos to provide seamless logins to their Shibboleth Identity Provider. The vulnerability however is a much larger issue than this, so should be updated regardless of whether you have seamless SSO in place or not.

Orange Day – Orangutan Awareness

Orang2

Here at Overt we are passionate about many charitable organisations. Recently Overt Software has become a patron of the Orangutan Foundation.

The Orangutan Foundation was founded in 1990. They are the foremost conservation organisation which works activly across the range of both Orangutan species.

Their Mission:
“Saving orangutans by protecting their tropical forest habitat, working with local communities and promoting research and education. Our approach goes beyond that of purely protecting orangutans. It recognises that orangutans are essential to their habitat, which is unique in its rich biodiversity and is crucial for local communities, who are as dependent on the forest as are the orangutans.”

The 10th-16th of Novemeber is Orangutan Awareness Week and Orange Day is on the 12th November. It is a time where all and any communities can come together and do small and big things to support the safeguarding of Indonesian Bornean habitat. All funds raised will go towards the conservation of orangutans in critical orangutan habitat. Our work prioritises conservation of standing forests and local capacity building to ensure orangutans and amazingly diverse habitat are protected into the future.

More information can be seen on the Orangutan Foundation website www.orangutan.org.uk

 

Shibboleth Identity Provider 2.4.3 Released

The Shibboleth Project has released a patch update, V2.4.3, of the
Identity Provider software, along with an update of the OpenSAML library,
2.6.4.

This release primarily addresses the security advisory just announced
addressing a denial of service vulnerability in the Xerces XML parser, and
fixes a bug in the code around scripted attributes when Java 8 is used.

We will be patching all affected Shibboleth IdP servers and will be in touch soon.