Large-scale attack on WordPress

According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports […] services attacked

The Apache Infrastructure Team has reported a direct, targeted attack against the server hosting their issue-tracking software. “If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. JIRA and Confluence both use a SHA-512 hash, but without a random salt. We believe the […]

Security hole fixed in Firefox 3.6

A fix is now available for a security hole that was discovered in Firefox 3.6 under Windows in early February. According to Mozilla’s blog, the fix will be included in version 3.6.2, which is scheduled for release on the 30th of March. Those who don’t want to wait can install the current beta of this […]

Security vulnerability in SpamAssassin filter module

The SpamAssassin Milter plug-in, which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers. In order to exploit the vulnerability, the […]

Security problem with Samba on Linux – affects 3.5.0, 3.4.6 and 3.3.11

In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a severe security flaw which was undetected until now. We are releasing new binaries and fixed source code as release numbers: 3.5.1, 3.4.7 and 3.3.12 […]

RSA authentication weakness discovered

The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered. RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety […]

Vulnerabilities in sudo closed

Several Linux distributors have released updated sudo packages to fix two vulnerabilities that allow users with limited access rights to escalate their privileges. The sudo (super user do) command is intended to allow users to execute certain commands at another user’s privilege level – usually root. The contents of the /etc/sudoers file determine whether or […]