Donald Sears

ColdFusion Hotfix Gets Researchers' Attention

A recently patched vulnerability in Adobe's ColdFusion application server may be more serious than previously thought following the public release of exploit code and blog posts claiming it can be used to take full control of systems running the software. Read the full article. [The Register]

‘Dislike’ Button Scam on Facebook Goes Viral

Researchers are advising Facebook users to avoid offers to download an "official dislike button", which the firm claims has spread virally across the service. There are two different versions of the ruse thus far, both with tiny URL links to rogue applications. Read the full article. [Infosecurity.com]

Ruby Closes XSS Flaw With Update

The Ruby developers have issued version 1.9.1-p430 of the Ruby programming language, a security update that addresses a cross-site scripting (XSS) vulnerability. Read the full article. [The H Security]

A password of less than seven characters will soon be "hopelessly inadequate" even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. Read the full article. [The Register]

Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in the pages, a security company warned over the weekend. Read the full article. [KrebsonSecurity]

Opera Software has released version 10.61 of the Opera web browser to fix a high severity hole. The issue was a heap overflow in the HTML5 canvas when performing some painting operations, which could in some cases be used to execute code. Read the full article. [The H Security]

Minutes after Apple issued a security update Wednesday, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads. Read the full article. [Computerworld]

The dd_ssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. Read the full article. [The H Security]

A bug in Facebook's login system allows attackers to match unknown email addresses with users' first and last names, even when they've configured their accounts to make that information private. Read the full article. [The Register]