Google Chrome prior to 6.0.472.53 Multiple Security Vulnerabilities
Security Revealed
libmikmod Multiple Buffer Overflow Vulnerabilities
Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
OpenJournalSystem suffers from stored cross site scripting vulnerabilities.
Zenphoto version 1.3 suffers from remote SQL injection and cross site scripting vulnerabilities.
It seems like almost every day someone in the tech press or someone commenting in a technical forum will claim that Linux adoption on the desktop (including laptops) is insignificant. The number that is thrown around is 1%. These claims are even repeated by some who advocate for Linux adoption. Both the idea that Linux market share on the desktop is insignificant and the 1% figure are simply false and have been for many years.
Did you know eight out of ten women wear the wrong bra size? Of course you didn’t. Now, thanks to Israeli iPhone app dev house, Digital Relations, you can celebrate the Jewish New Year with the correct support your loved ones’ bosoms need. Say hello to FITS, the iPhone app that helps you measure breast size. Happy new year indeed!
The story behind the app is that one of the developers at Digital Relations had an “embarrassing session with the saleswoman at the bra-shop”. As he made his cowardly escape, and evidently being a full-fledged dork, he thought to himself “hey, there should be an app for exactly these situations.”
You can either use a frontal photo, or a combination of one frontal and one profile photo. In both cases you can either take the shot on the spot, or browse your iPhone’s photo gallery. You then need to size and position a female silhouette over the body of the woman whose breasts you’re trying to measure. The next step is to superimpose a pink bra over the bust. Then you need to enter height and you’re done.
Bra sizes are given in five standard measurements systems: US, UK, AUS, EU & FR.
I can’t say I thoroughly tested the app, but I tried it out thanks to the kind indulgence of a friend who requested only to be known as ‘Jessica’. See her photo above.
No need to take this app too seriously of course… Just a bunch of geeks developing a dorky iPhone app that could be a hit with frat guys. Sometimes, putting a smile on people’s faces is good enough. Better yet when you can also put a cartoon character over their bodies.
You can download FITS, here for $0.99. Remember, beads not included.
Shana Tova everyone!
Asymco, a Helsinki-based app developer / industry analysis advisory firm, ironically founded and led by a longtime Nokia manager, just posted this telling chart on its blog:

According to the firm’s research, iTunes download rates for music and iOS apps are both still growing, but accelerating much faster for the latter. In fact, Asymco posits, based on data from the recently updated Music and App Store, that the total number of app downloads has already reached the same level as that of songs in less than half the time.
Assuming Asymco’s numbers are correct, it took roughly 2.2 years for the App Store to serve up 6.3 billion apps, while it took approximately five years for the iTunes Music Store to reach that same number.
If current trends persist for both, Asymco considers it likely that app downloads will overtake song downloads by year’s end.
Cumulative unit rates aside, Asymco last weekend posted another graph, depicting how music downloads continue to slow, particularly compared to apps.
Asymco says iOS users are currently downloading 17.6 million apps compared to roughly 7.5 million songs per day, on average.
I bet even Steve Jobs didn’t see that one coming.
(Thanks to @ScepticGeek for the pointer)

Ubuntu Security Notice 983-1 – Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.
Ubuntu Security Notice 984-1 – It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.
Gentoo Linux Security Advisory 201009-4 – Multiple stack-based buffer overflow vulnerabilities were discovered in SARG allowing for remote code execution. Multiple vulnerabilities were discovered in SARG. Versions less than 2.2.5-r5 are affected.
[ GLSA 201009-03 ] sudo: Privilege Escalation
[TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf
We love feel-good stories about how open source software helps improve living conditions in third-world countries or comes to the rescue in times of crisis, but this one really takes the cake. A Canadian non-profit foundation specializing in raising awareness about schizophrenia was saved from going under by deploying open source software to manage its day-to-day office needs. If FOSS developers need a reminder of why they grind away at code for so little in return, here it is.
Gentoo Linux Security Advisory 201009-5 – Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.3.4 are affected.
SeeMe has discovered a vulnerability in emails.fedex.com, which could be exploited by malicious people to conduct XSS attacks.
SeeMe has discovered a vulnerability in offer.van.fedex.com, which could be exploited by malicious people to conduct XSS attacks.
Textpattern CMS version 4.2.0 suffers from a cross site scripting vulnerability.
The city, as we imagine it — myth, aspiration, nightmare — is maybe more real, than the hard city one can locate on maps and statistics.
"The world was a cruel, unjust place and, far from saving it, I felt stuck in it. Then I learned that I should fight to change it anyway."
For many women, getting access to abortion has become extraordinarily difficult. Conservatives' plan is to make it impossible.
I used to think being a vegan was the only ethical way to eat. But an important new book suggests we can change our food system to allow for healthy meat consumption.
Slashdot: Sony Has Lost the PS3 Hacking War
Even the seemingly simple right-click menu in Ubuntu Gnome is getting designers' attention. Has anybody noticed that there are already about 20 or so entries in the right-click menu of a folder in Nautilus? Somebody has. Take a look at this ‘right click menu alternative’ mockup.
Gentoo Linux Security Advisory 201009-6 – Multiple vulnerabilities have been reported in Clam AntiVirus. Versions less than 0.96.1 are affected.
This is a backdoor PHP shell from ITSecTeam.
Whitepaper called JIT Spraying and Mitigations.
EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.
MySource Matrix version 3.28.3 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 2104-1 – Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.