News

Press about phpBB.com crack

Post by Juanm on Wednesday February 11th, 2009 08h09:43

Some facts about the PHPList vulnerability and the phpbb.com hack

A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. [--cut] From the explanation it seems that the PHP installation on phpbb.com was more or less a default one that was not hardened against attacks at all, but I will get into this later.

First I want to shed some light on the super-globals-overwrite vulnerability in PHPList that was wrongly attributed a local file inclusion vulnerability in so many places (including the PHPList announcement). [...]


Windows 7 beta available 'til January 24th

Post by Juanm on Monday January 12th, 2009 07h49:45

On January 10th both the Windows 7 download page and Microsoft.com were intermittently unreachable despite the "additional infrastructure support to the Microsoft.com properties" announced on Jan 10th 2009, 03:53:00. Then a new post was made on the Win7 team blog last night:
I know many of you have had issues with the Windows 7 Beta site over the last 24 hours.
As you may have noticed the download site has been up a...

Changelog for Opera 9.63

Post by Juanm on Wednesday December 24th, 2008 18h52:54

Opera 9.63 is a recommended security and stability upgrade.

Opera 9.63 incorporates the Opera Presto 2.1.1 user agent engine.

[cut]

Security fixes

  • Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory.
  • HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory.
  • Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. See our advisory.
  • Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
  • Built-in XSLT templates can allow cross-site scripting, as reported by Robert ...

FF 3.0.5 - multiple critical vulns

Post by Juanm on Thursday December 18th, 2008 21h53:04

MFSA 2008-69 XSS vulnerabilities in SessionStore

Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored.

moz_bug_r_a4 also reported that one variant could be used by an attacker to run arbitrary JavaScript with chrome privileges.

MFSA 2008-68 (http://www.mozilla.org/security/announce/2008/mfsa2008-68.html) ...

Smartor site taken over

Post by Juanm on Thursday December 11th, 2008 22h51:05

Maybe some people remembered that the old gallery here was developed by smartor (smartor.is-root), a known phpBB2 MODder from Vietnam.

The new domain owner wrote: Smartor himself seems to have dropped any phpBB2 Development and the Domain was down for nearly one year now and all old Forum Content seems to have lost.


The new site server is in Germany.

And btw ... the old smartor site was IIRC hosted on his own PC. Then it happened what it happened: site down from eons and no more support for smartor MODs on smartor site (where btw I had a registered account).

Firefox 3.0.4 - security related

Post by Juanm on Sunday November 16th, 2008 11h00:36

FF 3.0.4 was unleashed on November 12th.

Fixes from FF 3.0.3
Stat: 4 critical, 2 high, 2 moderate, 1 low.

Upgrading is highly recommended.
Disabling JavaScript in Mozilla Thunderbird too, at least until a new version comes out.

  • MFSA 2008-58 Parsing error in E4X default namespace
  • MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
  • MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  • MFSA 2008-55 Crash and remote code execution in nsFrameManager
    ling and wushi of team509, via TippingPoint's Ze...

FF 3.0.3 - not security related

Post by Juanm on Thursday October 2nd, 2008 07h25:58

First the good news: no security related issues found in v 3.0.2.

According to the release notes, it was born only to fix a non-working password management system.

Let's see

bug reporter wrote: My preferences are set to REMEMBER PASSWORDS FOR SITES and there are
no exceptions in the EXCEPTIONS box.

Reproducible: Always

Steps to Reproduce:
1. I type user name and password for any site, paypal, wachovia, etc.
2. It takes me to the logged in site without asking if I want the password
remembered.
3.
Actual Results:
It happens at every site that requires a password.


The upgrade file...

FF 3.02 unleashed

Post by Juanm on Wednesday September 24th, 2008 10h30:29

It has been released today. Let's see:

# Fixed several security issues.
# Fixed several stability issues.
# Official releases for Sinhala and Slovene are now available.
# Beta releases for Bengali, Galician, Hindi, Icelandic, Kannada, Marathi, Telegu, and Thai are available for testing.
# Fixed a number of minor issues with the layout of certain web pages.
# Fixed several theme issues that affected right-to-left locales.
# Fixed issue that caused some users with customized toolbars to have their Back and Forward buttons go missing (bug 426026)
# Add new Extended Validation (EV) roots to Firefox 3.0.2.
# On certain IDN sites, the password manager would not fill in username and password details properly.
# Fixed several hangs and crashes that occurred when using screen readers.
# Fixed Mac...

phpBB dev wiki on phpbb.com

Post by Juanm on Sunday August 31st, 2008 10h12:48

If you were roaming for enough time after Olympus stuff, you may have found at least once in your life this address:

http://olympuswiki.naderman.de

It was linked through startrekguide and not only. Basically, all database table stuff was there, and it was very useful if you had some low level actions to do or some tricks to spot. The project was then moved to another address that I don't remember. And then, yesterday late night ...

Acyd Burn, here wrote: I am pleased to announce the addition of a w...
Last edited by Juanm on Friday September 5th, 2008 13h40:14, edited 3 times in total.
Reason: adjusted formatting

Londonvasion'08 videos now available

Post by Juanm on Sunday August 17th, 2008 16h18:35

Well, the latest video from londonvasion was uploaded only 17 hours ago, the others about 48h ago.
They're all available from this place.

 
