There is a bug in WordPress right now that is rather critical for anyone who uploads posts without immediately publishing. Simply by manipulating the URL any visitor can view all future, draft, or pending posts. Our site was vulnerable to this issue, but we patched it quickly because it could be used to retrieve the CyberNotes posts that we write ahead of time.
We’re now launching a new project within Mozilla Labs to formally explore this integration. This project will be known as Weave and it will focus on finding ways to enhance the Firefox user experience, increase user control over personal information, and provide new opportunities for developers to build innovative online experiences.
Just like Mozilla enables massive innovation by making Firefox open on many levels, we will aim to do the same with Weave by developing an open extensible framework for services integration.
Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.
An advisory from HP lists 82 laptop models as vulnerable to the ActiveX vulnerability found on the HP Info Center software. The issue is rated “critical” and HP laptop owners should be aware that public exploit code that provides a roadmap for exploiting the hole is circulating around the Internet.
A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer. The risks include remote code execution, remote system registry read/write access and remote shell command execution.
It affects laptops running Windows 2000, Windows XP and Windows Vista.
HP confirms gaping backdoor on 82 laptop models | Ryan Naraine’s Zero Day | ZDNet.com
Canadian software author and webmaster, Dewald Pretorius, today released two new software products that are focused on solving the duplicate content (http://www.phpspinner.com) worries of many webmasters across the globe. “I initially wrote the software out of a personal need and frustration with duplicate content problems, and as an afterthought realized what a big market there is for it,” said Dewald Pretorius.
The software addresses the problem at the source, the website where the original content is published, by enabling the webmaster to vary the content of the same web page with every single page view.
Are The Days of Duplicate Content Numbered with Newly Released Software? – Scadart Software
Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL), one of the nation’s leading military research facilities. The attackers gained access by sending e-mails infected with trojan horses to ORNL employees. The lab claims that no classified information was retrieved, but admits that the perpetrators managed to acquire a database containing personal information about ORNL visitors and employees, including Social Security numbers.
“A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees’ computers that enabled the hacker to copy and retrieve information,” ORNL revealed in a statement. “No classified information was lost; However, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information.”
The Oak Ridge National Laboratory has warned that its computer systems have been infiltrated by one or more hackers who skirted system’s security to gain access to personal information on the lab’s visitors. The information was then used in a phishing scheme that attempted to convince victims to open a malicious e-mail attachment. The lab has not commented on the attackers’ suspected motives