PostgreSQL patches XML flaws

h-online: A flaw in the built-in XML functionality of PostgreSQL (CVE-2012-3488) and another in its optional XSLT handling (CVE-2012-3489) have been patched, and the developers have released updated versions of the open source database with relevant fixes. The holes being patched are related to insecure use of the widely used libxml2 and libxslt open source libraries and the PostgreSQL developers advise anyone using those libraries to check their systems for similar problems....

August 19, 2012 · 2 min · 333 words · Omid Farhang

Massive SQL injection attack making the rounds—694K URLs so far

Thanks to my friend, Pondus! Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of site when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file....

April 1, 2011 · 3 min · 517 words · Omid Farhang