FOSS Force News Wire

Ubuntu Hacked, Linux Journal Extremists & More…

Also included: Microsoft shows love of Linux with gift of Skype and Torvalds continues to be Torvalds.

FOSS Week in Review

The biggest Linux story this week by mainstream tech sites’ standards was Skype working to include Linux users in its installed base by releasing a new Linux client to replace […]

David A. Wheeler: Working to Prevent the Next Heartbleed

The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative, formed to help open source projects adopt these practices, uses a lot of carrot and very little stick.

[…]

SourceForge Tightens Security With Malware Scans

After taking down the controversial DevShare program in early February, the new owners of the popular software repository SourceForge have begun scanning all projects it hosts for malware in an attempt to regain trust that was lost by Dice Holdings, the site’s previous owners.

It appears as if the new owners at SourceForge are […]

ImageMagick’s ImageTragick: Exploits Not Yet Widespread

Breaking News: Patched versions of ImageMagick now available. FOSS Force has now learned that the ImageTragick hole has been patched in versions 7.0.1-2 and 6.9.4-0. Websites using ImageMagick are urged to upgrade.

Security researchers are reporting that cracker/hackers are currently taking advantage of ImageTragick, the easy-to-exploit security vulnerability in ImageMagick, a popular open […]

WordPress Plugin ‘Ninja Forms’ Security Vulnerability

FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.

In a blog post on Thursday morning, Wordfence writes:

Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of […]

Rule 41: Getting Around the Constitution and Having It Too

You don’t have to be a rocket scientist to understand what’s wrong with the proposed federal court updates to Rule 41.

Anyone who’s even halfway following the news of the proposed updates to Rule 41 probably can’t help but be struck by the irony of the situation. It’s actually humorous, in a Vonnegutian […]

Open Source ImageMagick Security Bug Puts Sites at Risk

A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.

ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security […]

‘New’ Windows Security Flaw Runs Apps Without Admin Rights

Newly discovered Windows security hole bypasses AppLocker and lets apps run without admin rights. Proof-of-concept code published.

This is one of those “look what I found while looking for something else” sort of stories. Casey Smith was trying to solve a problem and accidentally discovered a security vulnerability that affects business and server […]
