Linux Kernel ‘tcp_rcv_state_process()’ Function Denial of Service Vulnerability

OpenSSL TLS ‘heartbeat’ Extension Multiple Information Disclosure Vulnerabilities

Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability

Vuln: Linux Kernel CONFIG_HID Local Memory Corruption Vulnerability

Linux Kernel CONFIG_HID Local Memory Corruption Vulnerability

The Perfect Server – Ubuntu 14.04 (Apache2, PHP, MySQL, PureFTPD, BIND, Dovecot, ISPConfig 3)This tutorial shows how to prepare an Ubuntu 14.04 (Trusty Tahr) server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND (instead of MyDNS), and Dovecot (instead of Courier).

An anonymous reader writes “A band of space hackers and engineers are trying to do something never done before — recover a 36 year old NASA spacecraft from the grips of deep space and time. With old NASA documents and Rockethub crowdfunding, a team led by Dennis Wingo and Keith Cowing is attempting to steer ISEE-3, later rechristened ICE, the International Cometary Explorer, back into an Earth orbit and return it to scientific operations. Dennis says, ‘ISEE-3 can become a great teaching tool for future engineers and scientists helping with design and travel to Mars’. Only 40 days remain before the spacecraft will be out of range for recovery. A radio telescope is available, propulsion designs are in hand and the team is hoping for public support to provide the small amount needed to accomplish a very unique milestone in space exploration.”

Read more of this story at Slashdot.




The cloud is having a huge impact on the enterprise, so much so that it’s actually altering the roles of IT and end users alike –and not surprising each party sees the cloud through a different lens.

Yes, the pop-art king used an AMIGA

The Andy Warhol Museum in Pittsburgh, Pennsylvania has recovered a trove of previously unknown works by the pop-art pioneer from an unexpected, yet suitably modern source: a set of Commodore Amiga floppy disks.…

Secret no-hire pact naughtiness could give 64,600 employees a hefty payday

A series of secret pacts among some of the biggest employers in Silicon Valley to cheat their staffers could turn out to be a rather expensive mistake, with Apple, Google, Intel, and Adobe now agreeing to settle the antitrust class-action lawsuit out of court.…

The Linux Foundation has launched the Core Infrastructure Initiative with a slew of prominent corporate supporters including Amazon, Cisco and others.

An anonymous reader writes “A group of tech companies including Google and Apple have agreed to settle an antitrust lawsuit over no-hire agreements in Silicon Valley. Terms of the deal were not disclosed. From the article: ‘Tech workers filed a class action lawsuit against Apple Inc, Google Inc, Intel Inc and Adobe Systems Inc in 2011, alleging they conspired to refrain from soliciting one another’s employees in order to avert a salary war. Trial had been scheduled to begin at the end of May on behalf of roughly 64,000 workers in the class.’”

Read more of this story at Slashdot.




Vuln: CUPS Web Interface Cross Site Scripting Vulnerability

CUPS Web Interface Cross Site Scripting Vulnerability

Vuln: Oracle Java SE CVE-2014-0423 Remote Security Vulnerability

Oracle Java SE CVE-2014-0423 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2014-0411 Remote Security Vulnerability

Oracle Java SE CVE-2014-0411 Remote Security Vulnerability

Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability

Kid3 is a powerful audio tag editor for KDE with support for formats like MP3, Ogg/Vorbis, FLAC, MPC, MP4/AAC, MP2, Speex, TrueAudio and WAV. Kid3 allows you to edit common tags over multiple files as well.

sciencehabit (1205606) writes “As eagerness to explore the Arctic’s oil and gas resources grows, the threat of a major Arctic oil spill looms ever larger—and the United States has a lot of work to do to prepare for that inevitability, a panel convened by the National Research Council (NRC) declares in a report released yesterday. The committee, made up of members of academia and industry, recommended beefing up forecasting systems for ocean and ice conditions, infrastructure for supply chains for people and equipment to respond, field research on the behavior of oil in the Arctic environment, and other strategies to prepare for a significant spill in the harsh conditions of the Arctic.” Shortest version: no one has any idea how any spill cleanup techniques would work in the arctic environment.

Read more of this story at Slashdot.




Office 365, Azure, and yes, even Bing to lead the way, Nadella assures us

Microsoft reported flat revenues and shrinking profits for the third quarter of its fiscal 2014, but that was still better news than the analysts were expecting to hear.…

Struts 2.3.16.1 ClassLoader Manipulation

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn’t sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

Sitecom WLR-4000 / WLR-4001 Weak Encryption / Predictable WPA Key

Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.