Secunia Security Advisory 52160

Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.




Secunia Security Advisory 52159

Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.




Secunia Security Advisory 52148

Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.




Secunia Security Advisory 52150

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.




Secunia Security Advisory 52204

Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability with an unknown impact.




Secunia Security Advisory 52151

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.




Secunia Security Advisory 52152

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.




Secunia Security Advisory 52077

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.




Secunia Security Advisory 52135

Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.




Secunia Security Advisory 52153

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.




Secunia Security Advisory 52149

Secunia Security Advisory - SUSE has issued an update for ruby on rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.




Mandriva Linux Security Advisory 2015-046

Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.




Mandriva Linux Security Advisory 2015-140

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.




IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'new_home_page' parameter of the 'saveHomePage' method allowing arbitrary PHP code to be written to the config.php file. The config.php file is executed in most pages within the application, and accessible directly via the web root, resulting in code execution. This Metasploit module has been tested successfully on IBM OpenAdmin Tool 3.14 on Informix 12.10 Developer Edition (SUSE Linux 11) virtual appliance.




Jury Scrutinizes DMCA in ElcomSoft Case




Elcomsoft Verdict Weakens the DMCA




Microsoft Cites BBC, Wikipedia In Error-Filled DMCA Takedown





Special Forces Getting High-Tech Soldier Suits For Iraq Mission









Debian Linux Security Advisory 830-1

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.




Cisco Security Advisory 20081022-asa

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.




Microsoft Server Service NetpwPathCanonicalize Overflow

This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.




Microsoft RPC DCOM Interface Overflow

This Metasploit module exploits a stack overflow in the RPCSS service. This vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)




Microsoft IIS 4.0 .HTR Path Overflow

This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.




South Africa Seeks to Improve Process for Renewable Energy Deals

South African Energy Minister Tina Joemat-Pettersson said her department wants to address weaknesses in the process of commissioning renewable-power projects.




Solar Tariffs: Throttling America's Biggest Job Creation Machine

The U.S. Department of Commerce just announced that it will add high tariffs for solar modules imported from China. The Canadian government is also investigating the adoption of similar measures, following recent complaints filed by Ontario-based solar manufacturers. With the solar industry in hypergrowth, it’s not a surprise that these governments are interested in boosting new jobs, protecting their economies, and fostering the solar sector. The problem is that tariffs are a short-sighted approach that actually attack the future of North American solar on its home soil, and likely destroy more jobs than they create.







The Dark Horse in the Global Solar Race: India’s 100-GW Solar Ambition

A "dark horse" is defined as a little-known entity that emerges to prominence in the face of competition — a contestant that seems unlikely to succeed. I borrow the term from a conversation last week, wherein India was referred to as the dark horse in the global race to go solar.




Some Hope for US Renewable Energy Tax Credits As Extension Bill Passes Committee

In a lopsided 23-3 vote, the U.S. Senate Finance Committee voted yesterday to extend a number of renewable energy production tax credits through the end of 2016. The vote allows developers of wind, geothermal, biomass, landfill gas, incremental hydroelectric, and ocean energy to take advantage of federal tax credits for projects begun before December 31, 2016.

Chief among big renewable winners was the wind energy industry, which received extensions to the Production Tax Credit (PTC) and the Investment Tax Credit (ITC). If passed, wind farms would qualify for a 2.3-cent-per-kilowatt-hour (kWh) credit through the end of 2016.




Cognizant: Ransomware Attack Expense at Least $50 Million

IT Services Giant Offers Update During Quarterly Financial Results Call
Cognizant estimates that the April ransomware attack that affected its internal network will cost the IT services firm between $50 and $70 million in losses, according to the company's latest financial results. Cognizant has said that the Maze ransomware gang is behind the attack.




The Viability of Germany’s Energiewende: Mark Jacobson Answers 3 Questions

To those in the climate change field the name Mark Z. Jacobson needs no introduction. The director of the Atmosphere and Energy Program at Stanford University is credited with having written the book on computer modeling for atmospheric changes, as well as being a recognized expert in the impacts of energy production and a staunch supporter of renewables.




Asia Report: Four Reasons Why Solar Can Unseat Coal in India This Decade

Coal contributes 60 percent to India's power mix today; solar is less than 1 percent. But what was a factor-of-seven difference between the cost of coal and solar two years ago shrank this summer to just a 1.8x gap. Can solar catch up within the next ten years?




SEC Clarifies Crowdsourcing Rules, What's the Impact on Renewables?

The SEC has finally proposed its rules to allow crowd-funding under the Jumpstart Our Business Startups (JOBS) Act. What do they mean for small-scale investments in renewable energy companies and projects?




FERC: Almost All New US Electricity Generation Coming from Solar

The U.S. brought online nearly 700 MW of new electricity generation in October, and practically all of it was large-scale solar energy, according to data from the Federal Energy Regulatory Commission's (FERC) Office of Energy Projects.




Earnings Season for Ten Clean Energy Stocks

The third quarter earnings season has been quite eventful for my Ten Clean Energy Stocks for 2013 and six alternative picks model portfolios, so much so that writing about them has taken a back seat to keeping up with the announcements. There were a number of earnings disappointments and earnings announcements which were in line with my expectations but the market treated like disappointments. These resulted in an overall decline of 2.5 percent for the portfolio since the last update, even as my industry benchmarks, the Powershares Wilderhill Clean Energy (PBW) and my small cap benchmark (IWM) were up 1.0 percent and 3.9 percent over the months since October 15th.




Asia Report: Why India's Solar Market Looks Brighter in 2014

India's solar market is on track to be roughly the same in 2013 as it was in 2012, which is surprising given the ~20 percent overall growth projected for global solar demand. But optimism and expectations continue to emerge for India's solar potential.




Ten Clean Energy Stocks for 2013: Lessons Learned

As we come into the final stretch of 2013, my annual model portfolio of Ten Clean Energy Stocks for 2013 looks certain to break its five year winning streak of beating its industry benchmark. As of December 6th, the model portfolio's total return has been 19.0 percent, compared to a sunny 56.1 percent for my benchmark, the Powershares Wilderhill Clean Energy (PBW). The broad market, as represented by the Russell 2000, also resoundingly beat my model portfolio, and is up 37.5 percent. My six alternative picks fared even worse than my top ten.




In This Season of Giving Consider Renewable Energy Charities

It’s easy to get caught up in the holiday bustle: shopping, decorating, parties, and preparation. Our to-do lists can seem endless, but we carry on because it is that special time of year, a season of giving.




Latin America Report: Solar's Auction Debut in Brazil

After being shut out of previous renewable energy auctions, and delaying its own auction by two weeks, the state government of Pernambuco held the nation's first solar energy auction on December 27, registering 122.82 MW of energy, six times the country's current entire solar energy output (20 MW). The auction involved 34 bidders proposing roughly 1 GW of capacity; at the end it was narrowed to six companies from Brazil, Italy, Germany, China and Spain. Average price of power finished trading at 228.63 Brazilian reais/MWh (just under U.S. $97), about 9 percent lower than the starting price of R 250.




Energy Price Concerns Resonate in EU Talks on 2030 Climate Goals

The European Union should ensure that future climate and energy policies do not undermine the competitiveness of its industry, already weakened by a price gap with the U.S., the bloc’s member states said.




CEO of German Utility RWE Says It Should Have Invested in Renewable Energy Sooner

What’s a beleaguered utility to do when forced by the government to close its profitable nuclear power plants?




Clean Energy Investment Rises 9 Percent, Led by Solar-Power Demand

Clean energy investment rose by 9 percent in the first quarter from a year earlier on surging demand for rooftop solar panels from the U.S. to Japan.




EU Needs Low-Carbon Energy Union, Ministers’ Advisory Panel Says

The European Union needs an ambitious emissions-reduction goal, targets for energy-efficiency and renewables as well as tools to foster investment under its planned 2030 policies, an advisory panel to 14 ministers said.