Ryan Naraine

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

Malicious hackers have found a way to hijack WordPress database credentials and use that information to redirect thousands of blogs to Web sites laden with malware.The attacks, which started last Friday, occurred mostly on WordPress blogs hosted by Network Solutions but it appears that there are multiple security weaknesses in play.

Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new computer operating system based on virtual machines and the concept of isolation.

Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines.The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.   The security fixes in this Reader/Acrobat patch batch will apply to Windows, Macintosh and UNIX users.

Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix multiple vulnerabilities that expose Windows users to remote code execution attacks.

In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn’t seem to have a known owner.
It’s quite possible that this could be a legitimate root certificate that changed hands during a merger or some other transaction but the fact that Mozilla’s folks can’t seem to figure out the owner is disconcerting on many levels.

A security researcher shows that it’s possible to launch an attack internally from one PDF onto another already existing PDF. More information here.