Hacking Facebook account is one of the major queries of the Internet user today. It’s hard to find — how to hack Facebook account, but an Indian hacker just did it.
A security researcher discovered a ‘simple vulnerability’ in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever
Re: Apple iOS v9.2.1 – Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
ESA-2016-012: EMC Documentum xCP ? User Information Disclosure Vulnerability
[slackware-security] php (SSA:2016-067-01)
Re: Apple iOS v9.2.1 – Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
7th March, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
USN-2915-1 introduced a regression in Django.
USN-2915-1 fixed vulnerabilities in Django. The upstream fix for
CVE-2016-2512 introduced a regression for certain applications. This update
fixes the problem.
Original advisory details:
Mark Striemer discovered that Django incorrectly handled user-supplied
redirect URLs containing basic authentication credentials. A remote
attacker could possibly use this issue to perform a cross-site scripting
attack or a malicious redirect. (CVE-2016-2512)
Sjoerd Job Postmus discovered that Django incorrectly handled timing when
doing password hashing operations. A remote attacker could possibly use
this issue to perform user enumeration. (CVE-2016-2513)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
7th March, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Squid.
Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP
requests. If SNMP is enabled, a remote attacker could use this issue to
cause Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-6270)
Alex Rousskov discovered that Squid incorrectly handled certain malformed
responses. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. (CVE-2016-2571)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
7th March, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
USN-2915-1 introduced a regression in Django.
USN-2915-1 fixed vulnerabilities in Django. The upstream fix for
CVE-2016-2512 introduced a regression for certain applications. This update
fixes the problem by applying the complete upstream regression fix.
Original advisory details:
Mark Striemer discovered that Django incorrectly handled user-supplied
redirect URLs containing basic authentication credentials. A remote
attacker could possibly use this issue to perform a cross-site scripting
attack or a malicious redirect. (CVE-2016-2512)
Sjoerd Job Postmus discovered that Django incorrectly handled timing when
doing password hashing operations. A remote attacker could possibly use
this issue to perform user enumeration. (CVE-2016-2513)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
8th March, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Thunderbird.
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2015-7575)
Yves Younan discovered that graphite2 incorrectly handled certain malformed
fonts. If a user were tricked into opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitary code with the
privileges of the user invoking Thunderbird. (CVE-2016-1523)
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,
Carsten Book, and Randell Jesup discovered multiple memory safety issues
in Thunderbird. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit these
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-2016-1930)
Aki Helin discovered a buffer overflow when rendering WebGL content in
some circumstances. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2016-1935)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
In 1942 six mathematicians were selected to program a machine that would help the US army calculate complex wartime ballistics tables. They helped to create ENIAC – one of the world’s first ever electronic computers. They were also all women.
The post The women of ENIAC and the future of women in tech appeared first on We Live Security.
