Node.js Package Manager Vulnerability
Written by schobes on
A major vulnerability has been discovered in the Node.js package manager (npm). The attack is pretty simple and is detailed in the Softpedia article. The npm system leaves authors logged in by default, so they stay logged in until they explicitly log out. If someone writes a malicious module and uploads it to npm, and another user who is also an author downloads it, the malicious package can upload itself to all of that author's modules, causing it to spread. Hopefully the team over at Node.js / npm is working on a fix. The easiest solution would be to remove the always-logged-in feature and require re-authentication when uploading modules to the npm registry.
Oracle Releases 248 CVEs
Written by schobes on
Oracle has released 248 CVEs as part of their Q1 Critical Patch Update. This is the most CVEs they have ever released at once. List of affected software.
OpenSSH CVE-2016-0777
Written by schobes on
A new OpenSSH security vulnerability has been found and reported as CVE-2016-0777. A feature called "Roaming" was added to the client software of OpenSSH (with no documentation), but has never been implemented on the server side. Because of this, someone could create an SSH server that can get access to client-side memory and possibly dump your private keys. It appears that the major Linux distributions have already released patches or are in the process of doing so. David Busby, over on Percona's website, suggests taking the following steps to remove the risk. In ~/.ssh/config and /etc/ssh/ssh_config
Perl 6 Released
Written by schobes on
As expected, Perl 6 was released for Christmas! While a lot of development is needed to improve support and speed for Perl 6, the language specification was closed on December 25, 2015.
PHP 7.0 Nearing Release
Written by schobes on
PHP 7.0.0 RC2 was released on Friday. This version of PHP comes with a new version of the Zend Engine (Zend Engine III).
PHP 7.0.0 is scheduled to be released on November 12th 2015.
LibreSSL 2.2.2 Released
Written by schobes on
A new version of LibreSSL has been released. More and more attention has been paid to OpenSSL since Heartbleed, which is a good thing! While this isn't quite where we need it, we are getting closer to a better and more secure internet.
Accepting Users and Comments
Written by schobes on
I am pleased to announce that we are now accepting new users to CodeRiot! As a user, you can create your own blog or comment on other users' blog posts. Sign Up - Create an account today! We currently support simple markdown for blog posts and comments. You can link to any site or image on the web, or include YouTube videos. If you have any problems, please send an email to webmaster@coderiot.com and I would be glad to assist you. Welcome to CodeRiot!
Starting with the Blog
Written by schobes on
CodeRiot! is starting as a simple blog where I get to talk about all sorts of programming-related material. It will grow into more, but everything has to start somewhere!
Welcome to CodeRiot!
Written by schobes on
Welcome to the very first article on CodeRiot! Over the coming weeks and months, this website will start hosting well-moderated and interesting programming conversations. I look forward to finding and sharing current programming wisdom. Additionally, here at CodeRiot! we will create the best code and project management software available. We are proud believers in Open Source software and are always looking to give back to the Open Source community. To show our dedication to this wonderful community, all products and tools will be available free of charge to anyone developing Open Source software. Welcome to CodeRiot!