Ravens PHP Scripts: Security



 

 

phpnuke.org has been compromised

Posted on Monday, May 10, 2010 @ 08:44:46 CDT in Security
by Raven

"From Snype @ www.phpnuke-install.com: Posted on Saturday, May 08, 2010 @ 07:06:19 CDT"

Snype writes:

PHP-Nuke is a popular Web content management system (CMS), based on PHP and a database such as MySQL, PostgreSQL, Sybase, or Adabas. Earlier versions were open source and free software protected by GNU Public License, but since then it has become commercial software. As it is still very popular in the Internet community, it is not surprising that it has become a target [yet again] of blackhat attacks.

WARNING: At the time of writing the front page of phpnuke.org still contains the malicious iframe, so we advise users to stay away from the site until it has been fixed.

Read Snype's entire article @ phpnuke-install.com
 

 

Apache.org hit by targeted XSS attack, passwords compromised

Posted on Tuesday, April 13, 2010 @ 15:42:01 CDT in Security
by Raven

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.

The passwords were encrypted on the compromised servers (SHA-512 hash) but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords. “In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider the password as compromised, because the attackers changed the login form to log them,” Apache said.

Read Apache.org hit by targeted XSS attack, passwords compromised
 

 

Google releases web security scanner

Posted on Monday, March 22, 2010 @ 18:21:37 CDT in Security
by Raven

nb1 writes:  
Google has released an open source scanner that allows web application developers to test their applications for security holes. The application, called Skipfish, offers a similar functionality to that of tools such as Nmap or Nessus, but it's said to be much faster. Using fully automated heuristics, it detects code that is vulnerable to cross-site scripting attacks (XSS), SQL and XML injection attacks and many other attack types. The tool's comprehensive post-processing of the individual test results is designed to help with the interpretation of the final report.

Skipfish is a pure C implementation and according to Google, can easily process 2,000 HTTP requests per second – provided the tested server can handle such a high load. In individual tests across local networks, 7,000+ requests per second have reportedly been sent with a modest CPU load and memory footprint.

Google achieves this high performance via a serial I/O model which processes responses asynchronously and is said to offer much better scalability than traditional multi-threaded approaches with synchronous request processing. Optimised HTTP connection handling via features such as HTTP 1.1 range requests, keep-alive connections and data compression are designed to keep Skipfish's network bandwidth requirements in check.

Google says that it uses the scanner to test its own web applications for insecure interfaces. However, Google also points out that the security checks are far from comprehensive and do not satisfy most of the Web Application Security Consortium's (WASC) Web Application Security Scanner Evaluation Criteria.

The latest release of Skipfish is version 1.10 Beta and a list of known issues is available on the project's Google Code page. Skipfish is released under version 2 of the Apache License.
 

 

Google Chrome Multiple Vulnerabilities

Posted on Thursday, March 18, 2010 @ 20:28:35 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA39029

VERIFY ADVISORY: http://secunia.com/advisories/39029/

CRITICALITY: Highly Critical

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
 

 

SecurityFocus to partially shut down

Posted on Friday, March 12, 2010 @ 21:56:26 CST in Security
by Raven

nb1 writes:  
Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online. Starting on the 15th of March, SecurityFocus will begin transitioning its content to the Symantec Connect site.

Founded in 1999, SecurityFocus was acquired in 2002 by Symantec, the company behind another acquisition, the popular Norton range of security products. In addition to its various mailing lists and vulnerability database, SecurityFocus maintains a comprehensive collection of articles and papers on a number of security issues. The site has also served as a reliable source for news from security experts on the latest security threats and problems.

Change in Focus, a SecurityFocus news post.
 

 

Apache HTTP Server *mod_isapi* Module Unloading Vulnerability

Posted on Wednesday, March 10, 2010 @ 20:14:10 CST in Security
by Raven

SECUNIA ADVISORY ID: SA38852

VERIFY ADVISORY: http://secunia.com/advisories/38852/

CRITICALITY: Highly Critical

DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information see vulnerability #2 in: SA38776

SOLUTION: Fixed in the SVN repository: http://svn.apache.org/viewvc?view=revision&revision=920961

ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_20.html

OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/
 


