Tony Zeoli, Tony Hayes Security Vulnerabilities

nessus

Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)

Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

0.1AI Score

0.375EPSS

2012-09-06 12:00 AM
26
nessus

Scientific Linux Security Update : nfs-utils-lib on SL5.x i386/x86_64

Details : Tenable Network Security discovered a stack-based buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise.....

AI Score

0.967EPSS

2012-08-01 12:00 AM
15
threatpost

Alleged TeamPoison Member Sentenced to Six Months in Jail

A British teenager has been sentenced to six months in jail after pleading guilty to illegally accessing the Gmail account of a former top aide to former Prime Minister Tony Blair. Junaid Hussain was allegedly a member of the TeamPoison hacking crew and had posted some of Blair’s personal...

1.4AI Score

2012-07-31 06:15 PM
8
suse

xulrunner to 14.0.1 (critical)

Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues: Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs...

0.5AI Score

0.375EPSS

2012-07-30 05:08 PM
20
suse

MozillaFirefox to 14.0.1 (critical)

MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

0.6AI Score

0.375EPSS

2012-07-23 02:08 PM
19
nessus

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8226)

MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and ...

0.2AI Score

0.375EPSS

2012-07-23 12:00 AM
27
suse

Security update for Mozilla Firefox (important)

MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed: * MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used...

0.7AI Score

0.375EPSS

2012-07-21 03:08 AM
21
suse

Security update for Mozilla Firefox (important)

MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed: * MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used...

0.7AI Score

0.375EPSS

2012-07-21 01:08 AM
8
openvas

Ubuntu Update for thunderbird USN-1510-1

Ubuntu Update for Linux kernel vulnerabilities...

0.9AI Score

0.375EPSS

2012-07-19 12:00 AM
17
openvas

Ubuntu Update for ubufox USN-1509-2

Ubuntu Update for Linux kernel vulnerabilities...

1.1AI Score

0.375EPSS

2012-07-19 12:00 AM
14
openvas

Ubuntu Update for firefox USN-1509-1

Ubuntu Update for Linux kernel vulnerabilities...

1AI Score

0.375EPSS

2012-07-19 12:00 AM
21
ubuntu

ubufox update

Releases Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Packages ubufox - Ubuntu Firefox specific configuration defaults and apt support Details USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original...

10AI Score

0.375EPSS

2012-07-18 12:00 AM
41
nessus

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ubufox update (USN-1509-2)

USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety...

10AI Score

0.375EPSS

2012-07-18 12:00 AM
24
nessus

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1509-1)

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit...

1AI Score

0.375EPSS

2012-07-18 12:00 AM
24
nessus

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly...

9.9AI Score

0.375EPSS

2012-07-18 12:00 AM
15
mozilla

Out of bounds read in QCMS — Mozilla

Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly...

9.1AI Score

0.006EPSS

2012-07-17 12:00 AM
29
ubuntu

Firefox vulnerabilities

Releases Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Packages firefox - Mozilla Open Source web browser Details Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety...

10AI Score

0.375EPSS

2012-07-17 12:00 AM
51
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey...

10AI Score

0.375EPSS

2012-07-17 12:00 AM
50
threatpost

Report: TeamP0ison Hacker "TriCk" Pleads Guilty For Hacking Tony Blair's E-mail

TeamP0ison hacker and newly minted 18 year-old Junaid Hussain of Birmingham, England – a.k.a “TriCk” pleaded guilty last week to hacking charges for a string of attacks on some of the U.K.’s leading political figures, including former Prime Minister Tony Blair, according to a published report in...

0.5AI Score

2012-07-02 06:41 PM
10
oraclelinux

Unbreakable Enterprise kernel security and bugfix update

[2.6.39-200.24.1.el5uek] - Revert 'Add Oracle VM guest messaging driver' (Guru Anbalagane) [Orabug: 14233627} [2.6.39-200.23.1.el5uek] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] [2.6.39-200.22.1.el5uek] - NFSv4: include bitmap in nfsv4 get acl...

-0.3AI Score

0.003EPSS

2012-06-28 12:00 AM
104
cve

CVE-2012-2702

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the...

6.8AI Score

0.017EPSS

2012-06-27 12:55 AM
17
drupal

SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass

CVE: CVE-2012-2702. This module enables you to sell product keys from an Ubercart store. Under certain circumstances, a user can view all unassigned product keys which could grant them access to the software circumventing the process of selling the key. Versions affected Ubercart Product Keys...

6.3AI Score

0.017EPSS

2012-05-16 12:00 AM
4
thn

17 year old Teenager arrested over TeamPoison hacking attacks

17 year old Teenager arrested over TeamPoison hacking attacks A teenage boy has been arrested on suspicion of being a member of "TeamPoison", a computer hacking group that has claimed responsibility for 1,400 offences including an attack on the phone system of Scotland Yard's counter-terrorism...

6.7AI Score

2012-05-12 02:07 PM
2
threatpost

Employee Sends Medicaid Info of 228K To His Yahoo! Account

A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the...

1.4AI Score

2012-04-20 07:46 PM
7
threatpost

Survey: Mom and Dad Secretly Monitor Facebook

A new survey conducted by AVG Technologies revealed that a solid majority of American parents admit that they have secretly accessed the Facebook profiles of their children. Mothers are more likely to secretly log on than are fathers, but the survey shows that 60 percent of all U.S. parents...

0.3AI Score

2012-04-18 05:16 PM
3
threatpost

Update: Zappos Says 24 Million Customers Affected By Data Breach

UPDATE: Online retailer Zappos said that its network has been compromised and attackers were able to access personal information belonging to more than 24 million of its customers. Zappos said that its database that contains customers’ credit card numbers was not compromised, however. “We were...

0.9AI Score

2012-01-16 02:38 PM
8
thn

Zappos a division of Amazon got Hacked

Zappos a division of Amazon got Hacked A notification mail from Zappos is circulating in Customers that a division of Amazon "Zappos.com" got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social...

6.8AI Score

2012-01-16 08:54 AM
2
threatpost

Internet Pioneers, Security Experts Send Letter to Congress Blasting SOPA

A group of engineers, networking specialists, security experts and other specialists deeply involved with the Internet’s development and growth have sent a letter to lawmakers criticizing the highly controversial SOPA and PIPA bills and imploring them not to pass the legislation, which they say...

0.1AI Score

2011-12-15 12:57 PM
8
threatpost

Linux Foundation Says UEFI Doesn't Have to Prevent Other OS Installations

The Linux Foundation has released a document outlining ways in which the UEFI secure boot specification can be used to support the installation of Linux and other open operating systems on UEFI-enabled hardware. As long as hardware vendors set up their systems in the proper way, UEFI should be no.....

1.1AI Score

2011-11-01 03:46 PM
13
thn

Derbycon 2011 Videos talks

Derbycon 2011 Videos Talks The idea behind DerbyCon was developed by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). Their motivation stemmed from a desire to see more of the old-style talks and events of the conventions of the past. DerbyCon was hosted by some...

6.8AI Score

2011-10-04 05:26 PM
3
threatpost

Microsoft Defends Secure Boot in Windows 8

Microsoft officials are seeking to assuage concerns that its implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and...

1AI Score

0.974EPSS

2011-09-23 03:14 PM
36
thn

Its Fail 2011 - Year of Hacks !

Its Fail 2011 - Year of Hacks ! According to IT security experts, Year 2011 has been labeled as the "Year of the Hack" or "#Fail 2011". Hacking has become much easier over the years allowing hackers to hack into systems easier than ever before, which is why 2011 had a lot of hacking happen so far....

7.5AI Score

2011-09-16 07:44 PM
4
thn

14 Years in Jail for mass credit card theft

14 Years in Jail for mass credit card theft A 21 year old man received a 14 year prison sentence on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information with losses estimated at more than $3 million. Tony Perez III, of Hammond,...

6.6AI Score

2011-09-10 05:03 PM
7
drupal

SA-CONTRIB-2011-040 Author Pane access bypass

The Author Pane module provides information about users on a site. This module has integration with several other modules including the user locations of the Location module. If you enabled display of user locations the Author Pane module may have shown user locations to site visitors who did not.....

6.4AI Score

2011-09-07 12:00 AM
4
oraclelinux

Oracle Linux 5.7 kernel security and bug fix update

[2.6.18-274.el5] - [xen] svm: fix invlpg emulator regression (Paolo Bonzini) [719894] [2.6.18-273.el5] - Revert: [fs] proc: Fix rmmod/read/write races in /proc entries (Jarod Wilson) [717068] - [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [717742] - [xen] prep...

-0.3AI Score

0.062EPSS

2011-07-31 12:00 AM
32
thn

Indonesian and Australian police launched Cyber Crime Investigation Center

Indonesian and Australian police launched Cyber Crime Investigation Center Indonesian and Australian police officially launched a joint project called the Cyber Crime Investigation Center. The center was officiated by Indonesian National Police chief Gen. Timur Pradopo and Australian Federal...

6.8AI Score

2011-06-30 03:58 PM
4
thn

TeaMp0isoN leak Former British PM Tony Blair Data

TeaMp0isoN leak Former British PM Tony Blair Data Twitter has become the best place for Hackers to Leak data now and the best part is that Twitter will never block you for such actions. After Lulzsec, Anonymous .. now Pakistani Hackers Group "TeaMp0isoN" is back with some New leaks. Last time...

6.5AI Score

2011-06-25 05:51 AM
6
openvas

Nmap NSE net: http-vmware-path-vuln

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html). SYNTAX: http.pipeline: If set, it represents the number...

0.1AI Score

0.959EPSS

2011-06-01 12:00 AM
24
securityvulns

CA20110510-01: Security Notice for CA eHealth

CA20110510-01: Security Notice for CA eHealth Issued: May 10, 2011 CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability,.....

0.6AI Score

0.003EPSS

2011-05-12 12:00 AM
11
thn

50 new Scada threats discovered, Another stuxnet in making ?

Scada systems are found in a variety of industrial plants ranging from water and waste treatment to food and pharmaceuticals and even nuclear power plants. The security of these systems is getting worse and is a big concern today. Application security management firm Idappcom reported 52 new threats....

6.8AI Score

2011-04-22 08:01 AM
2
threatpost

Twitter, Javascript Defeat NYT's $40m Paywall

The New York Times is estimated to have spent $40 million to $50 million to construct an elaborate new paywall that will force some users of the site to pay a monthly fee to read paper content. But just days after rolling out a version of the paywall, the newspaper is playing whack-a-mole with...

-0.2AI Score

2011-03-23 04:08 PM
8
thn

Exposed : HBGary wanted to suppress Stuxnet research !

It is no secret that in recent days, Anonymous Operatives have released a cache of HBGary Federal internal emails to the public. Crowdleaks has discovered that within these communications, Aaron Barr received a copy of Stuxnet (a computer worm that targets the types of industrial control systems.....

7.1AI Score

2011-02-13 05:04 PM
6
oraclelinux

Oracle Linux 5.6 kernel security and bug fix update

[2.6.18-238.el5] - [net] bnx2: remove extra call to pci_map_page (John Feeney) [663509] - [fs] nfs: set lock_context field in nfs_readpage_sync (Jeff Layton) [663853] [2.6.18-237.el5] - [block] fully zeroize request struct in rq_init (Rob Evers) [662154] - [scsi] qla4xxx: update to...

-0.6AI Score

0.573EPSS

2011-01-20 12:00 AM
24
oraclelinux

kernel security, bug fix, and enhancement update

[2.6.18-194.32.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support...

0.6AI Score

0.017EPSS

2011-01-04 12:00 AM
35
threatpost

Threatpost's List of the Top 10 Security Top 10 Lists

Ever since the traditional print industry collapsed in on itself like a decommissioned ‘Vegas casino, replaced with blogs, micro blogs, social networking and other forms of Web based publishing, the end of the year has brought with it a blizzard of retrospective and prospective Top 10 lists from...

-0.5AI Score

2010-12-30 07:23 PM
19
securityvulns

Oracle Critical Patch Update Advisory - October 2010

Oracle Critical Patch Update Advisory - October 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are...

0.1AI Score

0.971EPSS

2010-10-13 12:00 AM
200
securityvulns

[security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure

SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02514929 Version: 1 HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure NOTICE: The information in this Security Bulletin should....

AI Score

0.002EPSS

2010-09-27 12:00 AM
66
securityvulns

About the security content of Safari 5.0.1 and Safari 4.1.1

About the security content of Safari 5.0.1 and Safari 4.1.1 * Last Modified: July 28, 2010 * Article: HT4276 Summary This document describes the security content of Safari 5.0.1 and Safari 4.1.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues...

0.5AI Score

0.335EPSS

2010-08-08 12:00 AM
29
securityvulns

Arbitrary UNC file read in IE 8

Internet Explorer is vulnerable to a drive-by arbitrary UNC file read, with the usual consequences (local account password disclosure, etc.) as in IE6 before SP1. It is in ICMFilter, which is accessible via the CSS filter property. Sample exploit code: <div...

0.5AI Score

2010-05-28 12:00 AM
36
seebug

Microsoft Internet Explorer 8 an arbitrary file read

No description provided by...

7.1AI Score

2010-05-26 12:00 AM
16
Total number of security vulnerabilities: 644