JaypeeOnline

WordPress 2.6.2

Tuesday, September 9, 2008

Yesterday, WordPress 2.6.2 was released to address the SQL Column Truncation and mt_rand() vulnerabilities. This release also includes a few other minor bug fixes. (Details of other bug fixes can be found here) Here's an excerpt from the WordPress blog to give you an idea on how the vulnerabilities can be used to attack blogs with open user registration. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

iPhone Exploits Discovered

Tuesday, July 24, 2007

1 Comment

Researchers for Independent Security Evaluators have discovered two security vulnerabilities in the Apple iPhone. The vulnerabilities are found in the Safari browser through a method called “fuzzing”. The first exploit requires the user to surf a maliciously coded website using the Safari browser. As soon as the user gets there, all tje data inside the [...]