Drupal Shared Sign On Module Cross-Site Request Forgery and Session Fixation Vulnerabilities
Security Revealed
Sun Solaris IP(7P) Module and STREAMS Framework Local Denial Of Service Vulnerability
Novell NetWare NFS Portmapper and RPC Module Stack Buffer Overflow Vulnerability
Linksys WRT54GC Router Cross-Site Request Forgery Vulnerability
Plymouth, the nifty boot splash program developed by Red Hat that replaces RHGB and leverages kernel-based mode-setting to provide a flicker-free experience, is in the process of picking up more features. A DRM plug-in has now been committed to the Plymouth repository.
We haven’t written about StickK, the company that allows you to put a contract on yourself in order to help you commit to improving your lifestyle, since the service was launched back in February 2008. Good thing the company got in touch with us and pointed out they’re doing quite nicely, which gives us a good excuse for an update on them.
StickK was founded by three Yale economists (two professors and a graduate student) and basically allows you to accomplish a goal by setting up a contract against yourself, whether it’s about losing weight, stopping biting your nails, writing a novel or whatever else you feel you need to achieve in life. The site takes credit card information up front and charges it on a weekly basis should you fail to meet your self-submitted goal(s). You can designate someone to be your referee — a friend, co-worker or spouse, for example — but in the end, if they fail to do their job, StickK.com will take your word for it.
In a posting on his FSF blog, Richard Stallman has apologised for “repeating a criticism of Mac OS which I cannot substantiate and must presume is false”. The claim, that Mac OS X has a backdoor which could install changes without the user’s permission, is one that Stallman has repeated, but he now says there “is no basis to claim there is one”.
Bletchley Park, the top secret code breaking hub that played a pivotal role in the outcome of World War Two, has finally been awarded development funding of some £460,500 ($735,500) from the Heritage Lottery Fund.
I loved Amarok 1.4 and even used it in Gnome. Then, I really hated all the 2.x series until this 2.2 RC1. It’s kind of slow, but it finally looks like a real music player and reminds me why I liked Amarok so much. I’m currently using it in Ubuntu Jaunty and since there are only .deb files for Ubuntu Karmic posted on the announcement download link (actually those are for version 2.2 beta), I thought I’d let you know how to install it in Ubuntu Jaunty (and Fedora, thanks to Fedora-ES).
Google Summer of Code has again been a huge success for KDE this year. 37 out of 38 projects were finished successfully. Much of the work done during these projects is already merged into trunk and will be available for the users with the KDE 4.4 release in January 2010. Thanks to all students and mentors for their great work! Below you will find a short interview with each of the students, asking them about the cool things they have been working on for the past few months.
Flickr’s API suffered from an API signature forgery vulnerability.
Risky.biz: Bottle Domains to appeal court ruling "Domain name regulator auDA moved to terminate Bottle Domains’ registrar agreement when it was revealed the company’s customer database had been hacked"

Facebook has long relied on its own users to help translate the site into more than 65 different languages. Now, Facebook wants to unleash its army of volunteer translators on other sites and apps across the Web. Any site or app that uses Facebook Connect can now tap into the Facebook community to get help translating their site into any language that Facebook Translations supports.
As Facebook strives to cement itself as the social glue of the Web, offering free translation tools gives developers yet one more reason to choose Facebook Connect over Google Friend Connect or other competing platforms. It gives them access to new markets extremely quickly. Facebook thinks its crowdsourced translation tools are so good that it’s patented them.
When I first began using Linux back in 2001, the themes I saw were beautiful but they don’t compare to some of the themes I’m seeing lately. I’d like to show you some themes which will, in my opinion, spark more interest in GNOME themes.
Microsoft Security Essentials (MSE) hit the streets today (Thanks Kia for the heads up). So I …(more)…
Threat Post: The Difficulty of Un-Authentication
Mandriva Linux Security Advisory 2009-249 – A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. This update provides a solution to this vulnerability.
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 30 September 2009 at 01:36:00
Emergence of new networks helps boost malware numbers

The growth of new botnets combined with the resurgence of existing networks has helped to push infection numbers higher, according to researchers.

According to the latest report from Symantec’s MessageLabs branch, the swelling ranks of malware-controlled computer networks are now responsible for some 87.9 per cent of all spam worldwide.

Much of that activity was credited to a resurgence from the Rustock botnet. MessageLabs estimated that the network accounted for ten per cent of all spam activity. The total number of machines in the botnet is pegged as high as 1.9 million systems.

Researchers also noted that Rustock has adopted a regular schedule for sending out spam. The spam runs are found to begin each day around 8:00 AM GMT, with the first four hours of activity being the busiest. The spam flow continues until roughly 8:00 PM each evening.

Joining Rustock atop the botnet ranks was a new infection known as Maazben. Dealing mainly in casino-related spam messages, Maazben is believed to be just five months old. Despite its recent debut, the Maazben network is said to be serving 1.4 per cent of total spam loads.

MessageLabs senior intelligence analyst Paul Wood suggested that the closure of ISPs known for harbouring botnet operators has helped take down older networks, leaving a void in the botnet industry.

“This has undermined the power of the more dominant botnets like Cutwail and cleared the way for new botnets like Maazben to emerge,” said Wood.

“However, this won’t always be the case as botnet technology has also evolved since the end of 2008 and the most recent ISP closures now have less of an impact on resulting activity as downtime now only lasts a few hours rather than weeks or months as before.”
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 30 September 2009 at 01:31:00
Fake IRS form hides malicious Trojan

Security experts have warned of a new malware attack that masquerades as a tax document.

The US Computer Emergency Response Team (US-CERT) said that it had received numerous reports of malicious spam messages claiming to be from the US Internal Revenue Service (IRS).

The messages claim that the IRS has discovered unreported income from the recipient’s tax forms, and instruct them to open additional material attached to the email.

Rather than receiving tax forms, however, the victim becomes infected with a Trojan downloader which attempts to compromise the system with further malware installations.

The use of phoney tax forms and other seemingly official documents has become a popular method for infecting users with malware. Security experts noted that such attacks often increase in size and scope during the tax season.

US-CERT is advising people who receive the emails to avoid opening any attachments, and to contact the IRS through its scam reporting site.

The agency pointed out that it does not send notice of fees or other official documents via email.
Only days after Google took action against the CyanogenMod project for offering customised Android firmware (which copied portions of proprietary code), a group of Android developers formed the Open Android Alliance. According to the project’s site, the group is “pro-Android” rather than “anti-Google”. Their aim is to replace all of the closed source, proprietary applications included in OEM Android installations with open source alternatives that can be freely distributed.
Want to enter your hidden lair in style? Well, [Jimmy] simply wanted to create a cool prop for his school’s homecoming dance. This project includes some obvious inspiration from Wayne Manor. [Jimmy] wired up the automated entrance with a 12VDC motor. In order for it to be able to push the door, the motor had to be attached to [...]
WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.
Adobe Photoshop Elements 8.0 Active File Monitor Service suffers from a bad security descriptor local elevation of privileges vulnerability.
Oracle Document Capture BlackIce DEVMODE Active-X related remote command execution exploit.
OLF 2009 was another great success this year as we celebrated 40 years of UNIX. Kudos to all the organizers and volunteers who made the event happen!