ep's blog

Leaked version of Skype for Android leaks sensitive data


Leaked copies of Skype for Android with video-conferencing capabilities
have been floating around. Before using one, note that it applies no
security of any kind to your personal and login information: the data is
literally stored in text files with world-readable permissions. However,
PCI DSS was followed, so credit card information is safe.

Adobe to Patch Flash Zero Day on Windows, Mac on Friday, April 15, 2011


Thanks to Kevin for the heads up.

"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents."

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability


"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible."

VMware vmrun utility local privilege escalation


"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should read the advisory and check whether
their instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.