tenest has discovered a vulnerability in www.ektron.com, which could be exploited by malicious people to conduct XSS attacks.
Security Revealed
Ubuntu is NOT causing aggressive power management settings! I'm afraid that quite some people are getting a high Load_Cycle_Count because their laptop (BIOS or hard drive firmware) uses too aggressive power management. These aggressive power management settings are set by your BIOS or hard drive firmware. Windows and/or Mac OS X might be overriding these settings, which might make Ubuntu look bad if Ubuntu doesn't override these settings.
tenest has discovered a vulnerability in www.chicagomarathon.com, which could be exploited by malicious people to conduct XSS attacks.
What a boondoggle 9/11 has been for the merchants of war, who this week announced yet another quarter of whopping profits made possible by George Bush.
Amy Goodman talks about carrying on with Bell’s palsy — and the other public figures who’ve kept working during the illness, too.
In public health, harm reduction is a practice that, rather than trying to eradicate potentially dangerous choices like prostitution, tries to minimize their effects. Often, the practice involves a limited condoning of the practice, such as safe injec…
The Perfect Desktop – Ubuntu Studio 7.10
This document describes how to set up an Ubuntu Studio 7.10 desktop. The result is a fast, secure and extendable system with focus on multimedia creation – the real-time (RT) kernel is installed by default. It provides all you need for daily work and entertainment.
Day 2 of the Developer Summit was sunny and beautiful, as many took advantage of the rooftop garden near the conference rooms. Starting the sessions today were roundtables about many topics including the community, desktop, server, and others. After these followed the usual sessions, as per today's schedule: The Community Roundtable, Defining a roadmap for supporting LoCo teams, Rethinking the logout dialog, Automatix and Ubuntu collaboration and Third Party Apt.
Re: [gentoo-announce] [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code

An unknown group has caused quite a hassle by publicly posting information about tens of thousands of user accounts.
A 4.5MB text file (passlist.txt) was uploaded to a Finnish website earlier today. The file contains usernames, e-mail addresses, passwords and uncracked password hashes of almost 79,000 user accounts. These accounts are mostly from different Finnish web forums.
It’s quite trivial to find the correct password based on the password hash, assuming the password is “easy” and can be found from a password dictionary. The passlist.txt file claims that the hack was done by two Swedish hackers but this has already been disputed.
The case exhibits some resemblance to an incident six weeks ago, where Swedish hacker Dan Egerstad published a hundred passwords to different embassies and government organisations. However, in that case the information was stolen by Mr. Egerstad by running rogue TOR exit node servers.
In today’s case, the information has been stolen by unknown parties – most likely by hacking the servers of several Finnish web forums: that’s pretty much the only way to gain access to the password hashes.
More discussion (in Finnish) via Muropaketti.com.
On 13/10/07 At 08:27 PM
I find this to be one of the hardest to mitigate threats in information security. Frequently, fighti …(more)…
You know, I’ve never found any real use for a shell script. Recently, I found an actual reason to write one for moving and converting audio files using a few less keystrokes.
It’s tuesday morning, and your morning briefing is for a group of new employees. You have a bu …(more)…
The problem with distributed computing is that everyone with the technology to reverse-engineer your crypto chip can listen to your broadcast and know exactly what you're trying to break. Build a robust distributed computing application that is opaque to observers, even those who have access to the source code, by attaching a simple neuron implementation to HTTP transport code.
[ GLSA 200710-31 ] Opera: Multiple vulnerabilities
In Memoriam: Jun-ichiro Hagino
ILIAS <= 3.8.3 Cross Site Scripting
[ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code
iDefense Security Advisory 10.30.07 – Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.’s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn’t exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
iDefense Security Advisory 10.30.07 – Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.’s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it’s possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.
Secunia Research has discovered a vulnerability in the IMail Client, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the IMail Client when processing emails containing multipart MIME data. Affected is the IMail Client 9.22 included with IPSwitch IMail Server 2006.22.
Bobbear fights money transfer frauds. Bobbear.co.uk lists many of the sites used by the bad guys attempting to recruit money mules.

Well — The bad guys have struck back. The fraudsters have attacked the site’s reputation and Bobbear is currently offline. Earlier today, it was also unavailable via Google’s cache.
Today we also happened to receive some spam that caught our interest. It was a job recruitment from Next Level — one of the fraud sites listed at Bobbear.

We examined the Next Level scam site until we made the connection to the real world company whose web design was being ripped off by the fraudsters. They’re Solutions Inc.
We discuss some of the details in this video, available from our YouTube Channel.
We’ll follow up next week with some additional details…
On 12/10/07 At 04:13 PM