moeffju.net

Update: The announcement is out. The important part is: [...] a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file [...] Nothing in the Subversion repository was touched, so if you upgrade and maintain your blog via SVN there is no chance ...

Mozilla today made bug #360493 public. It describes an attack using cross-site forms and a security flaw in the Firefox Password Manager to read stored passwords for a different site. There is a proof of concept that demonstrates that the bug can even be abused without any hint to the user - the form need not ...

Jaja, die Leute schreiben immer noch übers StudiVZ. Also schreib ich jetzt endlich mal die Sachen auf, die ich in den letzten Monaten (seit meiner Anmeldung beim StudiVZ, Mitte September) so bemerkt habe. Das mit den Bilder-URLs ist ja schon stadtbekannt. Natürlich machen alle anderen Großen - wie Xing, flickr, etc. - auch so, und das ...

Just got 26 requests from some bot or script looking for unprotected installations of phpMyAdmin. The requests, one per second, were made to the following URIs: /phpmyadmin/main.php /PMA/main.php /mysql/main.php /admin/main.php /db/main.php /dbadmin/main.php /web/phpMyAdmin/main.php /admin/pma/main.php /admin/phpmyadmin/main.php /admin/mysql/main.php /phpmyadmin2/main.php /mysqladmin/main.php /mysql-admin/main.php /main.php /phpMyAdmin-2.5.6/main.php /phpMyAdmin-2.5.4/main.php /phpMyAdmin-2.5.1/main.php /phpMyAdmin-2.2.3/main.php /phpMyAdmin-2.2.6/main.php /myadmin/main.php /phpMyAdmin-2.6.0/main.php /phpMyAdmin-2.6.0-pl1/main.php /phpMyAdmin-2.6.3-pl1/main.php /phpMyAdmin-2.6.3/main.php /phpMyAdmin-2.6.3-rc1/main.php /phpMyAdmin-2.6.2-rc1/main.php The requests all originated ...