The WordPress development team has released version 3.1.2 of the popular blogging platform in order to address a privilege escalation issue affecting post publishing.

According to the release announcement, the flaw allowed Contributor-level users to improperly publish posts.

The security hole was located in press-this.php and was resolved by beginning to validate the post status against the user’s capabilities. WordPress developer and security team member Andrew Nacin together with a user named Benjamin Balter are credited with identifying the flaw. “We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users,” the WordPress development team advises. The release also addresses several bugs that didn’t make it into WordPress 3.1.1 released less than a month ago, on April 6. These include fixing the user query ordering by post count for cases when the database table prefix is not the standard wp_, fixing tag queries which were broken in 3.1.1, preventing over-escaping of post titles when using Quick Edit for pages and ensuring Walker_PageDropdown filters titles correctly.

Google has released version 11.0.696.57 of its Google browser which addresses a large number of vulnerabilities and sets a new record for the amount of money paid to security researchers as reward in a single update. A total number of 27 vulnerabilities were patched in this release, 18 of which are rated with high severity, 6 with medium and 3 with low.

Regular Chrome security contributors Sergey Glazunov, miaubiz and kuzzcc are credited with discovering three vulnerabilities each which earned them $4,000, $2,000 and $4,000 respectively. The total payout for this release was $16,500, which exceeds the previous records set by Chrome 8.0.552.334 in February when researchers earned $14,500. There were no special $1,337 or $3,133.7 rewards associated with this release, but there were many $1,000, $1,500 and $2,000 ones suggesting that researchers also helped fix the bugs they found. Five of the patched vulnerabilities were discovered by members of the Chromium development community or Google’s own security team. “We would also like to thank miaubiz, kuzzcc, Slawomir Blazek, Drew Yao and Braden Thomas of Apple Product Security and Christian Hollier for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel,” Google added.

Ladies and gentlemen, dear Ubuntu users, after three alphas and two beta releases, we are pleased to announce that Ubuntu 11.04 is here, today (April 28th), available on mirrors worldwide (see the download links at the end of the article).

It is our greatest pleasure to introduce you guys to the highlights of Ubuntu 11.04, dubbed Natty Narwhal. It all began on August 17th, 2010, when Mark Shuttleworth announced the Natty Narwhal operating system, the next major release of the popular Ubuntu OS.

Ubuntu 11.04 is also the 14th release of the Ubuntu OS and it will be supported for 18 months on both desktops and servers.

Under the hood of Ubuntu 11.04 (Natty Narwhal):

· Unity interface; · GNOME 2.32.1; · Linux kernel 2.6.38.3; · X.Org 7.6; · Xorg Server 1.10.1; · Compiz Fusion 0.9.4; · New artwork.

The Ubuntu 11.04 feature tour:

Jakarta – Kisruh di Playstation Network belum jua berakhir. Bahkan kabar terbaru, serangan cracker berhasil menggondol data-data personal, termasuk detail kartu kredit.

Sony menyatakan bahwa data penting tersebut kemungkinan jatuh ke tangan orang asing, bersamaan dengan serangan cracker ke Playstation Network. Sampai kini, Playstation Network belum dapat difungsikan.

“Kami menemukan antara 17 April dan 19 April 2011, beberapa informasi account user Playstation Network dan layanan Qriocity dibobol dalam hubungannya dengan gangguan ilegal di jaringan kami,” kata Nick Caplin, Head of Communications Playstation.

Sony says the extended PlayStation Network (PSN) downtime is caused by an intrusion into its systems which has prompted a detailed investigation. The PlayStation Network is used by 70 million gamers, many of whom are currently infuriated after being locked out of the service for over three days. “An external intrusion on our system has affected our PlayStation Network and Qriocity services,” Patrick Seybold, Sony’s senior director of corporate communications & social media, announced.

Berikut foto foto hasil sementara dari lomba turnamen mancing di Banda Aceh

*Posted with WordPress for BlackBerry.

Facebook users are targeted by a new survey scam which lures them with an app allegedly capable of showing them how they’ll would look when they’re old.

The spam message spread from the victims’ profiles reads: “hahah mine is halrious!!! check yours out :) See what you’ll look in the future! This cutting-edge technology will show you exactly how your face will look in the future!” The included link takes users to a page asking them to give an app access to post on their walls. Once installed, this application silently sends spam in their name.

Users are then redirected to a page displaying a “Show Me” button overlaid with a dialog asking them to take a survey as a security check.

Some of these surveys are deceptive and can trick users into subscribing to costly services. They are usually part of affiliate marketing schemes that pay scammers commission money.

Turnamen mancing spot akan dimulai hari sabtu dengan pelepasan simbolis jam 6 pagi, dengan batasan lokasi terjauh pulau rondo. Penimbangan ikan pertama dilakukan jam 21.00 di Gapang, dan bila lewat dinyatakan diskualifikasi. Dan peserta akan istirahat malam di Gapang hingga pukul 03.00 dini hari. Dan peserta akan kembali ke banda aceh utk penimbangan ikan terakhir pukul 15.00. Khusus untuk ikan Marlin peserta wajib melakukan catch and release. Dan untuk ikan ini mendapat nilai tersendiri, bila peserta membawa pulang ikan kategori billfish maka akan didiskualifikasi. Happy fishing and welcome to Banda Aceh.

*Posted with WordPress for BlackBerry.

Pengguna Skype yang ada di Android harus ekstra waspada. Berdasar temuan terbaru, aplikasi VoIP dan Video Chat tersebut rentan disusupi program jahat yang bisa mencuri data pribadi pengguna.

Bayangkan saja jika seluruh data pribadi seperti nomor dan password rekening kartu kredit yang tersimpan di ponsel Android berhasil dicuri, ketika membuka Skype.

Seperti dikutip detikINET dari engadget, Minggu (17/4/2011), ternyata program jahat tersebut menyusup melalui file chatting log pada Skype. Diketahui program jahat yang menyusup tersebut memiliki file database SQLite3.

Semoga pihak Skype segera menutup ‘lubang’ ini, dengan melakukan enkripsi file tersebut, agar tidak bisa diakses beberapa orang. Dengan meningkatnya jumlah pengguna Android, tampaknya makin banyak pelaku kejahatan cyber yang mengincarnya.

Sumber : Detik.net

Security researchers warn of a survey scam currently making the rounds on Twitter which tricks users by promising them the ability to view their profile visitors.

According to Robert Graham of Errata Security, victims post spam messages that read “94 people viewed my profile today!” followed by “Wow! See who viewed your twitter with Profile Spy [link]”

Clicking on the link takes users to a page asking for an app called “Profile Spy” to connect to their accounts. This app is used for the scam’s propagation and if allowed, it will start sending spam from the victim’s accounts without their permission. People who agree to connect with the application will be redirected to a page asking them to participate in a survey, allegedly as a security check. These surveys try to sign up users for premium rate mobile services or are part of legit affiliate marketing campaigns that are abused by the scammers. Each time a user completes a survey, the scammers earn a commission, which makes it worthwhile to keep the attacks going. “There might be further malware in those links designed to compromise your machine or accounts, like clickjacking exploits,” warns Mr. Graham. “I followed the first one, and it’s a typical scam that asks you to fill out endless surveys and promises you’ll win a prize at the end — but there is no end to the popups you have to go through,” he adds. The Profile Spy scams have plagued Facebook for a long time and it’s a theme that always keeps returning. They are less common on Twitter, because people are not used with installing Twitter apps as the Facebook ones are. People who fell victim to this attack should go to Profile > Edit your profile > Connections, and revoke the rogue app’s access. They should also remove the spammy tweets from their feed.

Sumber : softpedia