Bug alert

Internet Explorer: zero day bug

A remote code execution vulnerability exists in Internet Explorer in the way that the scripting engine handles objects in memory. The vulnerability could corrupt memory and an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

Beware of public charging points for smartphones!

The Los Angeles County District Attorney’s Office is warning travelers about a USB charger scam, or “juice jacking.”
“A free charge could end up draining your bank account,” Luke Sisak, a deputy district attorney, said in a video posted online.
Juice jacking happens when unsuspecting users plug their electronic devices into USB ports or use USB cables that have been loaded with malware.

Bug in Bitcoin-Software Core

Eine Lücke im Bitcoin-Referenzclient Core erweist sich als schwerwiegendes Sicherheitsproblem: So können Angreifer Denial-of-Service-Attacken (DoS) gegen den in der Software betriebenen Bitcoin-Netzwerkknoten durchführen, um diesen zusammenbrechen zu lassen. Zudem lassen sich dadurch Bitcoins mittels eines sogenannten Double Spend über die definierte Geldmenge von 21 Millionen Einheiten hinaus erzeugen, schreibt Heise Online. Normalerweise ist ein Double Spend – der Versuch, die gleichen Coins zweifach auszugeben – im Bitcoin Protokoll verboten. Die Sicherheitslücke lässt dies aber zu.

Bug nella libreria glibc di Linux

Nella libreria GNU C Library (glibc), presente su ogni sistema Linux, esiste una falla di sicurezza. Il problema affligge la libreria dalla versione 2.9 e per la verità era stato segnalato già tempo fa, ma recentemente è stato "riscoperto" indipendentemente da ricercatori di Google e di Red Hat.