Ansermot.ch Another computer sciences blog….

6 August 2010

TYPO3 4.1.15, 4.2.14, 4.3.5 and 4.4.2 announced

A small post only to say that 4 new versions of TYPO3 are available for download:

  • 4.1.15
  • 4.2.14
  • 4.3.5
  • 4.4.2

You can download packages here
Read the detailed post

7 June 2010

A critical flaw found in Flash Player and Acrobat

Adobe issued a bulletin today about a critical security flaw that has been discovered in two of its products.

Some versions of Flash Player (10.0.45.2, 9.0.262 and earlier 9.0.x and 10.0.x versions for Windows, Macintosh, Linux and Solaris) and the authplay.dll component of Adobe Reader and Acrobat (9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX) contain a vulnerability that could allow an attacker to take control of a computer remotely.

No official patch is available yet to correct this flaw, but Adobe says that the Flash 10.1 release candidate would not be vulnerable. The firm adds that Adobe Reader and Acrobat 8.x cannot be exploited with this technique.

The firm will provide a fix as soon as possible. Attacks exploiting this vulnerability are said to be very numerous, so users of the software should be cautious.

31 May 2010

Joomla Security Release : 1.5.18

The Joomla Project announces the immediate availability of Joomla 1.5.18 [Wojmamni ama wojnaiki]. This is a security release and also corrects one priority issue in version 1.5.17.

Download full package
Download update packages

28 April 2010

Joomla! 1.5.17 Released

The Joomla Project announces the immediate availability of Joomla 1.5.17 [Wojmamni ama woobusani]. This is a priority release to correct two issues in version 1.5.16. Although there are no security issues fixed in this release, we consider it a security release because a security-related bug has been fixed and because many sites may be upgraded directly from 1.5.15 to 1.5.17.

The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

Download Full Package (1.5.17)
Download Upgrade Packages (1.5.x => 1.5.17)
Read the official post

26 April 2010

Joomla! 1.5.16 Released

The Joomla Project announces the immediate availability of Joomla 1.5.16 [Wojmamni ama busani]. It has been about six months since Joomla 1.5.15 was released on November 4, 2009.

The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

Download Joomla 1.5.16
Installation instructions

21 April 2010

Google's password management system could have been compromised following the Chinese attacks of 2009

During the attacks on Google launched from China last December, the firm's password management system was compromised (the extent of the intrusion into the system was not known).

At Google, a program called Gaia manages user passwords for access to all of the firm's web services, including those aimed at professionals (Google Apps). This application is highly confidential and rarely mentioned.

The Asian hackers managed to get into Google's infrastructure, but they did not manage to steal Gmail passwords. Good news for the millions of users of the mail client.

However, vigilance is warranted because the cybercriminals may have used their private tour of the giant's inner workings to identify vulnerabilities unknown to date.

There is therefore a risk that the hackers will return at a time of their choosing, despite the security enhancements introduced by Google.

These threats could explain the arrival of a geolocation tool in Gmail (to check if the connection is from a usual place).

According to an anonymous source close to the investigation, the intruders specifically targeted the workstations of the developers working on Gaia ... and tried to access the application's source files. How had this been planned?

Using the information in "moma", an internal file that lists all employees and their activities.

Source:
The New York Times
Developpez.com

7 April 2010

Java vulnerabilities, already patched by Oracle!

Vulnerabilities have been discovered in Java.

According to the official document of the alert, the vulnerabilities are:

- An error in the code of the HeadspaceSoundbank class can cause a buffer overflow via a specially crafted Soundbank file;
- An error in the processing of images can cause a buffer overflow via a specially crafted Java applet;
- Several other unspecified vulnerabilities exist in Oracle Java components.

These flaws could allow remote execution of malicious code or open the door to a denial-of-service attack. Confidential records are no longer optimally protected.

The affected JVMs are:
- Java SE JDK / JRE 6 Update 18 and earlier for Windows, Solaris, and Linux;
- Java SE JDK 5.0 Update 23 and earlier for Solaris;
- Java SE SDK 1.4.2_25 and earlier for Solaris;
- Java for Business, JDK / JRE 6 Update 18 and earlier for Windows, Solaris, and Linux;
- Java for Business, JDK / JRE 5.0 Update 23 and earlier for Windows, Solaris, and Linux;
- Java for Business, SDK / JRE 1.4.2_25 and earlier for Windows, Solaris, and Linux.

These reports were confirmed by Oracle, which provides security updates at this address.

Source: CERTA alert

30 March 2010

Microsoft will release an urgent patch for Internet Explorer this afternoon, correcting several security vulnerabilities

Microsoft announced yesterday that it will release an urgent update for versions 6 and 7 of Internet Explorer online this afternoon.

The patch, released outside the Patch Tuesday cycle (a set of patches released on the second Tuesday of each month), is intended to correct flaws that affect all versions of Internet Explorer, including IE8, on all operating systems, including Windows 7 and Windows Server 2008 R2.

Microsoft did not give details of these vulnerabilities, which are classified as critical, and said that this patch mainly concerns a flaw in versions 6 and 7 of Internet Explorer, but that it also includes fixes for 9 other flaws that also affect version 8 of the browser.

30 March 2010

A hacker sentenced to 20 years in jail for data theft

After a long deliberation, a heavy verdict was delivered, several months later than the date announced at the start of the trial.

Remember, in late 2009 we talked about Albert Gonzalez, the hacker who stole more than 130 million credit card numbers.

At his trial, he had finally decided to plead guilty.

The 28-year-old attacker was worried about the sentence awaiting him, but did he expect one this heavy?

On Thursday, he was sentenced by a court in Boston (Massachusetts) to twenty years' imprisonment.

This is the heaviest sentence ever imposed for data piracy.

The 28-year-old is not done yet: he will appear in court this weekend on charges of conspiracy, computer fraud and identity theft for other acts of hacking.

His sentence could thus be extended by 5 years.

The American justice system wanted to make an example of this case, as Judge Patti Saris explained: "Even if you have any remorse (...), I must send a message, given the enormous cost of your crime".

Albert Gonzalez had, moreover, hidden one million dollars in his parents' garden, an amount he has handed over to the authorities to repay some of his victims.

Gonzalez wanted to put 15 million dollars aside, buy a yacht and retire. He will get his retirement, for sure, but behind bars.

Source: developpez.com

29 March 2010

Pwn2Own: an iPhone hacked in 20 seconds

At the Pwn2Own hacking contest, the database that holds the iPhone's SMS messages did not hold out for long.

Two hackers, Vincenzo Iozzo and Ralf Philipp Weinmann, managed to break in and copy all of its content (including SMS messages that had been deleted) by redirecting users to a compromised website.

All this in record time, since they needed just 20 seconds to extract all the data from the iPhone's database. Their technique could also provide access to the smartphone's contacts, photos, audio files, etc.

The two men received $15,000 for their victory, and details of their exploit will not be revealed until Apple has been informed of this vulnerability and has patched it.

Source: developpez.com