Dreamhost, one of the interwebs most popular hosting providers has recently forced a password change on all it's users account due to possible unauthorised client data access.
Dreamhost's Twitter feed excerpt;

Last night we detected some unauthorized activity within one of our databases. While we don't have evidence that customer passwords were taken at this time, we're forcing a change out of caution. Please login to our web panel and change any passwords you may have  Read More...

We have today identified a vulnerability in all known versions of NukedGallery, specifically the 'port' of Gallery 2 for PHP-Nuke / RavenNuke.
Under certain circumstances, limitations set by a hosting provider trigger the vulnerability, which can disclose sensitive information.

Code Authors clients whom we have installed this script for have already had their sites modified free of charge to prevent this information disclosure and fix a weakness in the ported Gallery 2 script.  Read More...

 block spam auto register security

We have just come across an interesting website that provides it's user with an anonymous webmail facility. Nothing particularly new there but this new site boasts that it's system can auto click registration confirmation links!
Of course for those of us that use CAPTCHA's, a real human is still required to log-in to auto registered accounts. Even so, to help reduce the risk of spam or other abuse, we highly recommend you ban the domain mailnesia.com as soon as possible. They also  Read More...

Today I have recieved SPAM from php-nuke.org
I have examined the mail headers and am perfectly satisfied this is genuine spam sent from info AT php-nuke.org The email contains links to various products, services and social networking sites. Anchor text shows the links as downloads.phpnuke.org but the links in fact go to a completely different website.

It is apparent that in order to send these emails, a third party has gained access to the members list.

You heard it here first!
Those of you using Googles new browser 'Chrome' should be aware that the browser (at the time of writing this) will allow the user to arbitrarily download executable files without prompting you or issueing any other warning that the file is being downloaded.
This has been reported to Google and we await their patch.

SECUNIA ADVISORY ID:SA30779
VERIFY ADVISORY:http://secunia.com/advisories/30779/
Moderately critical
IMPACT:Cross Site Scripting
WHERE:From remote
SOFTWARE:HTML Purifier 2.x http://secunia.com/product/19145/
HTML Purifier 3.xhttp://secunia.com/product/19146/
DESCRIPTION:
Two vulnerabilities  Read More...