Submission + - Secure Apps Exposed to Hacking via Flaws in Underlying Programming Languages (bleepingcomputer.com)

An anonymous reader writes: Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks. The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi. The expert says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that lead to OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Submission + - Updated Debian Linux 9.3 and 8.10 released

An anonymous reader writes: The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. The Debian project also announces the tenth update of its oldstable distribution Debian 8 (codename jessie).

Please note that the point release does not constitute a new version of Debian 9 or 8 but only updates some of the packages included. There is no need to throw away old jessie or stretch DVD/CD media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. This stable update adds a few important corrections to packages. New installation images will be available soon at the mirrors.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. One can use the apt command or apt-get command to apply updates. A step-by-step update guide is posted here.

Submission + - Monster black hole is the oldest ever found (nypost.com)

schwit1 writes: A team led by the Carnegie Observatories’ Eduardo Banados reported in the journal Nature on Wednesday that the black hole lies in a quasar dating to 690 million years after the Big Bang. That means the light from this quasar has been traveling our way for more than 13 billion years.

Banados said the quasar provides a unique baby picture of the universe when it was just 5 percent of its current age.

It would be like seeing photos of a 50-year-old man when he was 2½ years old, according to Banados.

“This discovery opens up an exciting new window to understand the early universe,” he said in an email from Pasadena, California.
