security vulnerability

Goodbye Thunderbird?

I am saddened by continuing reports that support for Mozilla's email client, Thunderbird, is diminishing. From DesktopLinux:

The Mozilla Foundation's press release focused on the Firefox 2.12 security fixes. The Foundation also reported, though, in its MFSA (Mozilla Foundation Security Advisory), that these same bugs had been fixed in the fictitious Thunderbird 2.12...

...Still, it is upsetting that Mozilla reports that these problems have been fixed in a version of Thunderbird that doesn't exist. The latest version of Thunderbird is 2.09.

Mitchell Baker wrote last September about the transfer of Thunderbird from Mozilla to a yet-to-be-seen Mailco organization. Just as DesktopLinux mentioned in their article, I've seen little information about what we can expect with regard to Thunderbird's future. Perhaps I'm just looking in the wrong places?

WordPress 2.3.3 fixes XML-RPC exploit

"WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here."

Complete Story
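
The flaw described above is an authorization bug rather than an authentication bug: the XML-RPC handler confirmed that the caller was a valid user, but never checked that the caller was allowed to edit the particular post named in the request. The PHP sketch below is an added example, not WordPress's own code and not the actual 2.3.3 patch (which the excerpt does not include); the user and post tables, the passwords, and the helper names `authenticate`, `edit_post_vulnerable` and `edit_post_fixed` are all constructed for the illustration.

```php
<?php
// Added illustration (not WordPress's own code): the difference between
// "is this a valid user?" and "may this user edit this post?" in an
// XML-RPC editPost-style handler. Users, posts and passwords are constructed.

$users = [
    1 => ['login' => 'alice',  'hash' => password_hash('alice-pw', PASSWORD_DEFAULT), 'edit_others' => false],
    2 => ['login' => 'bob',    'hash' => password_hash('bob-pw',   PASSWORD_DEFAULT), 'edit_others' => false],
    3 => ['login' => 'editor', 'hash' => password_hash('ed-pw',    PASSWORD_DEFAULT), 'edit_others' => true],
];
$posts = [
    10 => ['author' => 1, 'content' => 'Alice: original text'],
    11 => ['author' => 2, 'content' => 'Bob: original text'],
];

// Authentication only: returns the user id for a correct login/password, else null.
function authenticate(array $users, string $login, string $password): ?int
{
    foreach ($users as $id => $u) {
        if ($u['login'] === $login && password_verify($password, $u['hash'])) {
            return $id;
        }
    }
    return null;
}

// Vulnerable pattern: a valid login is treated as permission to edit any post.
function edit_post_vulnerable(array $users, array &$posts, string $login, string $password,
                              int $post_id, string $new_content): bool
{
    $uid = authenticate($users, $login, $password);
    if ($uid === null || !isset($posts[$post_id])) {
        return false;
    }
    $posts[$post_id]['content'] = $new_content;   // no ownership or capability check
    return true;
}

// Hardened pattern: authentication, then authorization against the target post.
function edit_post_fixed(array $users, array &$posts, string $login, string $password,
                         int $post_id, string $new_content): bool
{
    $uid = authenticate($users, $login, $password);
    if ($uid === null || !isset($posts[$post_id])) {
        return false;
    }
    $is_owner = ($posts[$post_id]['author'] === $uid);
    if (!$is_owner && !$users[$uid]['edit_others']) {
        return false;                              // valid user, but not for this post
    }
    $posts[$post_id]['content'] = $new_content;
    return true;
}

// Walk-through: bob is a valid user but does not own post 10.
$copy = $posts;
var_dump(edit_post_vulnerable($users, $copy, 'bob', 'bob-pw', 10, 'overwritten by bob'));
var_dump(edit_post_fixed($users, $posts, 'bob', 'bob-pw', 10, 'overwritten by bob'));
var_dump(edit_post_fixed($users, $posts, 'alice', 'alice-pw', 10, 'edited by owner'));
var_dump(edit_post_fixed($users, $posts, 'editor', 'ed-pw', 11, 'edited by editor'));
```

Run under the PHP CLI, the vulnerable handler lets bob overwrite alice's post, while the hardened handler refuses bob, accepts alice on her own post, and accepts the editor account only because it carries an explicit edit-others capability. The practical check when reviewing any remote-procedure endpoint is the same: every method that names an object must decide, per object, whether the already-authenticated caller may act on it.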

Elgg 0.8.1 security update and Elgg 0.7 patch

An update for Elgg is available that fixes a potential security vulnerability.

A security issue was detected in Elgg versions 0.8 and 0.7 which could potentially lead to a site compromise. Users are encouraged to update their system to release 0.8.1; users of version 0.7 can apply a patch. Both are available for immediate download from SourceForge.

Original Announcement

Drupal 4.7.8, 5.3 and CMS Report

A couple of days ago, Drupal 4.7.8 and 5.3 were released. Drupal 5.3 is a maintenance release that addresses five security vulnerabilities as well as a number of bug fixes. For additional information and download links, please see the official announcement at Drupal.org.

CMSReport.com, which uses the Drupal CMS, upgraded from Drupal 5.2 to Drupal 5.3 late Thursday night. No problems, no worries.

Gallery 2.2.3 Security Fix Release

"Gallery 2.2.3 is now available for download. This release adds no new features. It fixes critical application security bugs in the WebDAV and Reupload modules. If the WebDAV or Reupload modules are active in your Gallery we strongly recommend that you either disable them, upgrade them via Downloadable Plugins or perform a complete upgrade to version 2.2.3."

Complete Story

InfoWorld: Experts - U.S. vulnerable to major cyberattacks

"The U.S. government needs to take action now to avoid crippling cyberattacks that could shut down major communications systems nationwide, a group of cybersecurity experts told U.S. lawmakers Wednesday.

"We are a nation unprepared to properly defend ourselves and recover from a strategic cyberattack," said O. Sami Saydjari, president of Professionals for Cyber Defense and CEO of Cyber Defense Agency, speaking before the U.S. House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. "Inaction isn't an option.""

Complete Story

DotNetNuke: Forums module updated to address security issues

"A new version of the forums module, 03.20.09, has just been released to address some critical security issues. The vulnerabilities that have been fixed were all cross-site scripting issues (XSS), where malicious users could potentially inject dangerous html and javascript into forum content."

Complete Story

CNET: Mac flaw puts Safari surfers at risk

"The flaw can be exploited if the Mac user has enabled an option in Safari to "open safe files after downloading," Secunia said in an advisory Thursday. The security company has rated the problem 'highly critical'."

Ruby: Another DoS Vulnerability in Ruby CGI Library

"Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS)."

Complete Story

The botnets are coming to a Windows PC near you

The November 20, 2006 article "Spam surge linked to hackers" from eWeek is a must read. Unfortunately, I can't find the online version of the article as it appeared in print. I did, however, find a variant of the article posted as Pump and dump spam surge linked to Russian Bot Herders.

The article discusses the increasingly sophisticated ways hackers are using botnets, running on tens of thousands of hijacked Windows computers, to spread spam. The article focuses on research by SecureWorks into the trojan called Troj/SpamThru. Some scary, unique features have been identified in this trojan, including:

  • Peer-to-peer communication (hackers can keep control without a central server)
  • Anti-virus scanning (uses anti-virus software to scan for rival malware)
  • Template-based spam
  • Almost half of the infected PCs are running Windows XP SP2 (outside of Vista, Microsoft's most secure Windows system to date).

Do I bring this up because I don't like Microsoft products? Not at all; in fact, as I write this post I'm using a Windows XP system. My point is that if you plan on using Windows XP, do all of us a favor and be sure you've installed the latest software updates and security patches on your PC.
