LWN.net's Journal
Thursday, April 14th, 2016
Time | Event
12:44a | [$] LWN.net Weekly Edition for April 14, 2016: The LWN.net Weekly Edition for April 14, 2016 is available.
2:55p | Security updates for Thursday: Debian has updated samba (multiple vulnerabilities) and samba (regression in previous update). Fedora has updated samba (F23; F22: multiple vulnerabilities). Mageia has updated apache-commons-collections (code execution), imlib2 (three vulnerabilities), mercurial (three vulnerabilities), optipng (two vulnerabilities), postgresql (two vulnerabilities), python-pillow (code execution), and thunderbird (unspecified). openSUSE has updated lhasa (42.1; 13.2: code execution) and quagga (password disclosure). SUSE has updated samba (SLE11SP2: multiple vulnerabilities).
7:00p | Gone In Six Characters: Short URLs Considered Harmful for Cloud Services (Freedom to Tinker): Over at the Freedom to Tinker blog, guest poster Vitaly Shmatikov, who is a professor at Cornell Tech, writes about his study [PDF] of what URL shortening means for the security and privacy of cloud services. "TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices. We also discovered many driving directions that reveal sensitive information for identifiable individuals, including their visits to specialized medical facilities, prisons, and adult establishments."