Jedi/Sector One's random thoughts

Recent security flaws you might care about

written by jedi on November 18th, 2008 @ 01:45 AM

Send9 found an exploitable heap overflow in the Opera web browser. Opera was notified around the time Opera 9.6 was released. Opera 9.61 and 9.62 were released since, but still no fix, so he released a public exploit for Opera 9.62. Very bad times for Opera, as every recent releases mainly addresses security flaws that weren't handled seriously when reported (see FM changelogs).

Another one you might care about: Plaintext Recovery Attack Against SSH, an attack verified on OpenSSH running Debian GNU/Linux.

Have phun.

1 comment

Comments

H on 20 Nov 15:56

Frank is like the Iphone : he can do anything and furthermore, in an awesome english :)

H from manucure:)

Comments are closed

Frank DENIS

Search:

Twitter @jedisct1

Nice to see everybody eventually getting all excited about 0MQ. 0MQ+msgpack is a killer combo.
…

RT @vrancurel It is possible to guarantee ACID properties on a scalable database, when reliability is pushed to storage http://bit.ly/bwctzz
…

RT @slicknet: Latest blog post - Learnings from XAuth: Cross-domain localStorage http://bit.ly/9dfW8F
…

@dnene Or just greylisting. Nothing overzealous here.
…

RT @aarron IE9 will be released September 15th. Woot! http://beautyoftheweb.com
…

Probably the most important computer you've never heard of: http://bit.ly/cOy0bA
…

RT @olg: iTunes Ping French Localization: Fail - http://bit.ly/bFIGHv
…

Severe vulnerability in IE8 disclosed, unfixed since 2008. POC posting to your Twitter account: http://bit.ly/90XGV2
…

RT @ThomasG77: On OSGeo-Standards mailinglist, demonstrations of SVG Map http://bit.ly/a75pT3 #gis #svg #ajax
…

FastFlow, a new parallel programming C++ framework based upon non-blocking lock-free synchronization mechanisms: http://sk.tl/gpKnxN
…

Redis 2.0 is out! http://bit.ly/d8AVq0 #nosql
…

RT @antirez: cool, a small clean portable C interpreter in 4000 lines of code: http://bit.ly/aDGrdx
…

RT @dnene: interesting response by @yaaang about the unaddressed scaling issues: http://bit.ly/d8qtOZ
…

DJ Kentaro, Kid Koala and Coldcut à Paris le 1er Octobre !
…

RT @igrigorik: detailed how-to for getting a sinatra "spy app" running on your android phone: http://bit.ly/ai4977 - awesome!
…

RT @justinvincent: Mastering Node: Open Source Node.js eBook http://bit.ly/aNinvR
…

How the way you deploy code can ruin performance - http://bit.ly/9JGNG0
…

@stefan_p Don't hold your breath, it's mostly server-side caching shit for now but some more interesting tricks are in the pipe.
…

Recent

Articles feed

How the way you deploy code can ruin performance (September 2nd)
Choosing a NoSQL data store according to your data set. (May 15th)
Twonav for iPhone is now available (December 29th)
Application-controlled browser cache using local storage. (September 12th)
Is Twitter a blog killer? (September 12th)
Enter webhooks (June 29th)
Elliptics Network 2.5.0 has been released (June 25th)
PHP-FPM might get merged into PHP (June 24th)
Stealing your browser history without Javascript (June 14th)
Bayon, a fast clustering tool (June 10th)
Yet some more good presentations (June 6th)
Embracing events (May 31st)
ICANN to open up the TLD namespace (May 29th)
A sneak peek at the Google IO conference (May 29th)
UCARP 1.5.1 (May 28th)

Comments feed

inside on How the way you deploy code can ruin performance
Dan Carley on How the way you deploy code can ruin performance
Frank on How the way you deploy code can ruin performance
Dan Carley on How the way you deploy code can ruin performance
Brandon Corbin on Choosing a NoSQL data store according to your data set.
dmerr on Choosing a NoSQL data store according to your data set.
Frank on Choosing a NoSQL data store according to your data set.
dmerr on Choosing a NoSQL data store according to your data set.
Carl Byström on Is Twitter a blog killer?
near on Is Twitter a blog killer?
Matt Franz on Is Twitter a blog killer?
Frank on Is Twitter a blog killer?
minusf on Is Twitter a blog killer?
Rik on Application-controlled browser cache using local storage.
otto on Hardening MacOSX against the Java vulnerability

tags:

00f,blog 0mq adams age ajax amqp angeles apache maxkeepaliverequests ape app assembler assembly audition,ears authentication bank bayon bdd benchmark,ruby,php blog bluetooth,sniffer bouncer brain broadcom,wireless browser bugs cabinet cache center chrome clickjacking client close cloud cloudkit clustering code insee code postal cometdocs communes computing concurrency conference connection coordonnées cosinus couchdb cricket crypto css css3 data database database engine disk scheduler djb dns docs douglas download dragonflybsd dying dystopia ecommerce edition elliptics elliptics network emacs embedded engine enterprise event eventmachine excel explorer face fast fastcgi fdm fibers filesystem filesystem,chironfs filesystems,ufs2 firefox flare flash gema gentoo gettext google gps graphics hack hadoop hammer hash haxe high hip-hop history html5 http hyperrecord hypertable ie internet internet explorer,memory leaks io ip iphone ipv6 ipv6,bsd,itojun is iterm jailbreak java java,javascript,coma javascript joke jpake jruby json libpuzzle library life lightcloud lighttpd linux llvm localstorage lockless los ludicrous macruby mail markdown,textile,bbcode,rendering mda memory,cluster messaging metasploit microsoft mixi moderation,spam,crm114 money mongodb mqs murmur myisam mysql mysql,myisam,concurrency mysql,udf,variables native natural network neverblock nginx nosql nostalgy objects online openbsd openbsd 4.1 openbsd kernel tlb openbsd,buffer,cache openbsd,song openoffice openoffice,osx openssh openssl opera optimization os,counters osx pacman pake patch,mbuf,ipv6 percona performance photoshop,graphics php php 5.2.5 php optimization php sucks php-fpm pinba pools process,alarmer,timeout project management prototype proxy pubsubhubbub pure-ftpd pureftpd puzzle,library,similar,images q4m raid raid,megaraid rails rails,scalability recognition redis reiser resolver rest rest,http,put restms rhodes ruby scalability sctp search second security security,openbsd,ipv6 selector server shared signals sinatra sinus slots software sort spam sql stats subdomain tcp temperature templates tld tokyo tokyo cabinet translation,html,gettext trends trigo twitter twonav tyran tyrant ubuntu ucarp udf vertebra vertica vmware vulnerability vulnerability,php,phpinfo wave web webdav webhooks www xbox xbox OpenBSD xhtml xmlhttprequest xsrf xss yahoo yarv yougetit zfs

Misc

Projects: Pure-FTPd; La coterie
Cool links: OpenBSD; Typhon

Options:

Colors

orange
blue
green
pink
cyan
red
violet

Sections

Recent security flaws you might care about

posted in:

tags:

comments are closed

Comments

Comments are closed

Frank DENIS

Twitter @jedisct1

Recent

Archives

Categories

tags:

Misc

Options:

Size

Colors