The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative, formed to give open source projects the ability to adopt these practices, uses a lot of carrot and very little stick.
Continue reading David A. Wheeler: Working to Prevent the Next Heartbleed
After taking down the controversial DevShare program in early February, the new owners of the popular software repository SourceForge have begun scanning all projects it hosts for malware in an attempt to regain trust that was lost by Dice Holdings, the site’s previous owners.
It appears as if the new owners at SourceForge are […]
Continue reading SourceForge Tightens Security With Malware Scans
Breaking News: Patched versions of ImageMagick now available. FOSS Force has now learned that the ImageTragick hole has been patched in versions 7.0.1-2 and 6.9.4-0. Websites using ImageMagick are urged to upgrade.
Security researchers are reporting that cracker/hackers are currently taking advantage of ImageTragick, the easy-to-exploit security vulnerability in ImageMagick, a popular open […]
Continue reading ImageMagick’s ImageTragick: Exploits Not Yet Widespread
FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.
In a blog post on Thursday morning, Wordfence writes:
Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of […]
Continue reading WordPress Plugin ‘Ninja Forms’ Security Vulnerability
You don’t have to be a rocket scientist to understand what’s wrong with the proposed federal court updates to Rule 41.
Anyone who’s even halfway following the news of the proposed updates to Rule 41 probably can’t help but be struck by the irony of the situation. It’s actually humorous, in a Vonnegutian […]
Continue reading Rule 41: Getting Around the Constitution and Having It Too
A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.
ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security […]
Continue reading Open Source ImageMagick Security Bug Puts Sites at Risk
Newly discovered Windows security hole bypasses AppLocker and lets apps run without admin rights. Proof-of-concept code published.
This is one of those “look what I found while looking for something else” sort of stories. Casey Smith was trying to solve a problem and accidentally discovered a security vulnerability that affects business and server […]
Continue reading ‘New’ Windows Security Flaw Runs Apps Without Admin Rights