ep's blog

Wordpress 2.9.2 security update


Release overview:

"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."

It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:

Tabnabbing phishing attack


Apparently, when you move to another tab in your web browser, the tab you were originally using can detect that it has lost focus.  A malicious website can take the opportunity to load new content in the tab, change its title and appear to be a different website.

When you return, if you try to login using your credentials, you could be handing them over to a malicious source.

ClamAV 0.94 and older end of life and disabled on 2010-04-15


ClamAV has released an announcement that versions older than 0.95 will
be disabled after 2010-04-15.

ClamAV would like to release longer malware signatures that aren't
supported by pre-0.95 versions of ClamAV. For this reason, earlier
versions of ClamAV will break when new signatures are released.

Microsoft Security Bulletin Advance Notification for April 2010 including 8 remote vulnerabilities


Tuesday, April 13, 2010 is patch Tuesday. Microsoft released this
bulletin summarizing the patches it will release.

8 of these patches mitigate remotely exploitable vulnerabilities.

Users should install these patches during their regular patch Tuesday
patch window.


MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability


"MIT Kerberos is prone to a remote denial-of-service vulnerability in

An attacker may exploit this issue to cause the affected application to
crash, denying service to legitimate users.

MIT Kerberos 5 1.5 through 1.6.3 are vulnerable. "

Patches are available for MIT Kerberos, RHEL and Ubuntu. It is
recommended that users upgrade to the latest release to avoid exploitation.