Blogs

Horde Groupware contains backdoor in Horde 3.3.12 and Groupware 1.2.10

http://m.h-online.com/security/news/item/Horde-Groupware-contains-backdo...

"Unknown perpetrators infiltrated a backdoor into several installation packages during an attack on groupware provider Horde's FTP server. Horde 3.3.12, Groupware 1.2.10 and the webmail edition of the groupware product are all affected. Horde 4 was not modified. The CVS and Git servers are also unaffected.

Apache HTTP Server 2.2.22 Released

http://www.apache.org/dist/httpd/Announcement2.2.html

Six security issues were fixed in Apache 2.2.22, including information disclosure, privilege escalation and DoS vulnerabilities.

"SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.

Canadian Privacy Commissioner Unveils New Tools to Help Young Internet Users Protect Their Privacy


http://www.priv.gc.ca/media/nr-c/2012/nr-c_120124_e.cfm#contenttop


I think that the materials that the Privacy Commissioner of Canada is promoting are great.  Everyone should follow the advice they present to teach their families about online privacy.  Here are the links to three great tools they have launched on their www.youthprivacy.ca website.

Microsoft Security Advisory (2639658) Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

https://technet.microsoft.com/en-us/security/advisory/2639658

"A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the Win32k kernel-mode driver (win32k.sys) when parsing TrueType fonts.

Successful exploitation allows execution of arbitrary code."

Pages