The official bug of the day makes https://try.dot.net open a printing dialog, just by using Math.Round. Here’s the github issue: https://github.com/dotnet/try/issues/290
Responses on Twitter are totally appropriate.
Until recently, notepad.exe was considered safe in terms of security vulnerability, mostly for its lack of features and therefore lack of attack surface. Until Vulnerability researcher at Google, Tavis Ormandy, took a closer look and popped a shell from notepad.exe.
In today’s edition of privacy related topics, it is Google that apparently stored customer passwords in plaintext. Google didn’t disclose which (enterprise) customers have been affected, but was clear that improper access is out of question. With this recent incident, Google joins ranks of Facebook, Instagram, but also Twitter and LinkedIn.
Google says it discovered a bug that caused some of its enterprise G Suite customers to have their passwords stored in an unhashed form for about 14 years.
Meanwhile, another flaw from the Facebook universe. While it appears it’s not immediately related to data leakage, it gives great potential to 3rd parties, though. On the upside, nobody will attribute it to Facebook this time.
A WhatsApp vulnerability left Android and iOS devices open to attack from sophisticated surveillance software. The Facebook-owned company said it hasn’t yet been able to determine how many people were impacted, and told users to ensure they’re running the latest version of the app.
Offenbar ist der Grund für den gestrigen und heutigen Ausfall der Telekom: ein bekannter Bug in TR069. Es gibt offenbar auch ein Metasploit Modul dafür.
If you use MongoDB and like sleeping at night, don't read this line from the source code: https://t.co/o0DnsdJBwl
— Trevor Morgan (@trvrm) July 20, 2015
Security researchers say the zero-day flaw affects “millions” of machines in datacenters around the world.
Security researchers found a flaw in QEMU, dating back to 2004. Lots of virtualization platforms inherited the bug. Since virtualization powers the cloud, this has some potential.