Blogs

Privacy Changes for Facebook

http://www.net-security.org/secworld.php?id=8566

Facebook founder Mark Zuckerberg wrote an open letter describing some changes to the privacy of Facebook accounts (linked from above article).  It appears that regional networks are going to disappear, which may end up disclosing more information than you had intended.  He suggests that all Facebook users review their account privacy settings and update them accordingly.

Thanks,
ep

BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities

http://www.securityfocus.com/bid/37167/info

"BlackBerry Attachment Service is prone to multiple remote
code-execution vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to corrupt memory and execute
arbitrary code in the context of the vulnerable service, possibly with
SYSTEM-level privileges. Successful exploits will compromise the server.
Failed attacks will likely result in denial-of-service conditions. "

BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities

http://www.securityfocus.com/bid/37167/info

"BlackBerry Attachment Service is prone to multiple remote
code-execution vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to corrupt memory and execute
arbitrary code in the context of the vulnerable service, possibly with
SYSTEM-level privileges. Successful exploits will compromise the server.
Failed attacks will likely result in denial-of-service conditions. "

Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/37170/info

"The Linux Kernel is prone to multiple remote denial-of-service
vulnerabilities.

An attacker can exploit these issues to cause a kernel panic, denying
service to legitimate users."

It should be noted that this affects the mac80211 code in the kernel
which deals specifically with the 802.11 wireless lan standard.

Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/37170/info

"The Linux Kernel is prone to multiple remote denial-of-service
vulnerabilities.

An attacker can exploit these issues to cause a kernel panic, denying
service to legitimate users."

It should be noted that this affects the mac80211 code in the kernel
which deals specifically with the 802.11 wireless lan standard.

BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities

http://www.securityfocus.com/bid/37167/info

"BlackBerry Attachment Service is prone to multiple remote
code-execution vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to corrupt memory and execute
arbitrary code in the context of the vulnerable service, possibly with
SYSTEM-level privileges. Successful exploits will compromise the server.
Failed attacks will likely result in denial-of-service conditions. "

Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/37170/info

"The Linux Kernel is prone to multiple remote denial-of-service
vulnerabilities.

An attacker can exploit these issues to cause a kernel panic, denying
service to legitimate users."

It should be noted that this affects the mac80211 code in the kernel
which deals specifically with the 802.11 wireless lan standard.

ldd arbitrary code execution

http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

Seasoned Unix admins may already know the pitfalls of blindly running
ldd on unknown executables. However, since this article was recently
released, I thought it might be good as a reminder to everyone to be
careful when using it.

This article shows some techniques on how to cause ldd to run arbitrary
code, and how easy it is to trick a sysadmin into executing that code as
root.

ldd arbitrary code execution

http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

Seasoned Unix admins may already know the pitfalls of blindly running
ldd on unknown executables. However, since this article was recently
released, I thought it might be good as a reminder to everyone to be
careful when using it.

This article shows some techniques on how to cause ldd to run arbitrary
code, and how easy it is to trick a sysadmin into executing that code as
root.

Pages