Security

Flickr's API (and many others) Signature Forgery V

Submitted by Anonymous Coward
An anonymous reader writes "Flickr offers a fairly comprehensive web-service API that allows programmers to create applications that can perform almost any function a user on the Flickr site can do. Users should be authenticated using the Flickr Authentication API. Any applications wishing to use the Flickr Authentication API must have already obtained a Flickr API Key. An 8-byte-long 'shared secret' for the API Key is then issued by Flickr and cannot be changed by the users. This secret is used in the signing process, which is required for all API calls using an authentication token. This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API."
Security

Flickr's API Signature Forgery Vulnerability

Submitted by thaidn
thaidn writes "Flickr offers a fairly comprehensive web-service API that allows programmers to create applications that can perform almost any function a user on the Flickr site can do. Users should be authenticated using the Flickr Authentication API. Any applications wishing to use the Flickr Authentication API must have already obtained a Flickr API Key. An 8-byte-long 'shared secret' for the API Key is then issued by Flickr and cannot be changed by the users. This secret is used in the signing process, which is required for all API calls using an authentication token. This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API."
Microsoft

Free Linux CD in Windows Vista Day!

Submitted by thaidn
thaidn (1061428) writes "Tomorrow 22/03/2007, Microsoft will hold something called Vietnam Windows Vista Day in Ho Chi Minh City. We think this is a very good chance to promote Linux, so we have decided to deliver free Linux CDs and documentation at that very fair. 300 "Gift from the Penguine" packages, each containing a free Ubuntu Linux and a quickstart manual in Vietnamese, will be delivered to students, programmers, developers and anyone else interested in Linux."
Security

Damn Vulnerable Linux

Submitted by Scott Ainslie Sutton
Scott Ainslie Sutton writes "Enterprise GNU/Linux Resource Linux.com have highlighted a newly created GNU/Linux distribution named Damn Vulnerable Linux, built upon Damn Small Linux. The distribution, headed by Thorsten Schneider, aims to deliver the Operating System in such a way that it allows Security Students first-hand insight and hands-on experience with Security issues within GNU/Linux in order to teach them protection and mitigation techniques. The project's website describes the distribution as 'the most vulnerable, exploitable Operating System ever' and it's true, the developers have ensured that it contains outdated, ill-configured, flawed code and contains the GNU/Linux 2.4 Kernel, which is known to have many exploitable avenues in itself. Damn Vulnerable Linux's website can be viewed here."
