Hackin9
LinuxSecurity.com: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in postgresql: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but [More...]
 
LinuxSecurity.com: A Vulnerability in LibYAML could result in execution of arbitrary code.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Unifying communications by replacing separate PCs and telephones with a PC equipped with a headset and some telephony software can sound like a great idea until the first electricity bill for those always-on PCs comes in. Fujitsu hopes to end that bill shock with an always-on multimedia PC for businesses that features a special power-saving mode.
 
Protecting privacy was on the minds of almost all the dignitaries assembled in Hanover, Germany, on Sunday night to open this year's Cebit trade show, the theme of which is "datability," or big data with responsibility.
 
Vodafone Germany will attempt to simplify encrypting mobile phone calls with its upcoming Secure Call app, which it plans to launch for Android, iOS and Windows Phone devices.
 

Following the MtGox Bitcoin exchange losing millions to a hack and filing for bankruptcy, anonymous attackers took over the personal blog and reddit account of MtGox CEO Mark Karpeles on Sunday. After seizing control, the hackers posted (Pastebin) a message to the two spaces detailing their findings and the reasoning behind the attack.

"It’s time that MTGOX got the bitcoin communities [sic] wrath instead of Bitcoin Community getting Goxed," the message reads. "This release would have been sooner, but in spirit of responsible disclosure and making sure all of ducks were in a row, it took a few days longer than would have liked to verify the data... Included in this download you will find relevant database dumps, csv exports, specialized tools, and some highlighted summaries compiled from data. Keeping in line with fucking Gox alone, no user database dumps have been included."

Forbes reports the 716 megabyte file placed on Karpeles' site included items like his home address, CV, and an Excel spreadsheet that seems to document more than a million trades. But the most interesting piece of information shared is a summary of 18 different currency balances—with 951,116 bitcoins listed. In light of the 850,000 bitcoins supposedly lost in the recent attack, the hackers concluded this figure demonstrates fraud. The footnote reads, "That fat fuck has been lying!!"


 
Microsoft's plans to ship the final public patches for Windows XP on April 8 could undo its hard-won reputation for security and hurt itself as much as the customers who end up with an infected XP system.
 