Showing posts with label commands. Show all posts

May 30, 2008

Is your cell phone vulnerable?

Recently, it was disclosed that a malformed JPEG image could allow a remote attacker to execute arbitrary commands on Motorola RAZR phone firmware.

A corrupt JPEG received via MMS can cause memory corruption, which can be leveraged to execute arbitrary code on the affected device.

So some user interaction is required: accepting the MMS. However, people by and large trust image files, so that isn't a difficult social engineering challenge.

Perhaps we'll see this JPEG exploit used to simplify unlocking older RAZRs. Jailbreaking the iPhone was simplified by a TIFF-handling exploit, after all.

However, next time that cute chick you met on MySpace sends you a "Picture", think twice about opening it.

May 24, 2008

WordPress SQL injection

Today it came out that there is yet another SQL injection in WordPress blogs.

This code exploits the WordPress plugin Upload File and allows an attacker to execute an arbitrary command on the hosting machine. If you host your blog locally, this is an enormous problem! The exploit (discovered by a Russian hacker, http://eserg.ru) is one of a myriad of security issues recently exposed by hackers, leaving bloggers worldwide vulnerable.

What is an Arbitrary Command?
   This is when an attacker is able to exploit a security vulnerability in a program to execute commands on YOUR computer. For example, in this case, by simply executing this SQL query
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*
on your server, he is able to add/remove users, delete files, and install any number of viruses.
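
One way to spot requests like the query above in web server access logs, as an added example that is not part of the original post. It treats SQL comments as whitespace before matching, because the query uses /**/ in place of spaces. The log lines are constructed, and the /plugin.php path and id parameter are hypothetical stand-ins, not the plugin's real endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# C-style SQL comments; "$" also covers an unterminated trailing "/*".
SQL_COMMENT = re.compile(r"/\*.*?(\*/|$)", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(all\s+)?select\b")
SENSITIVE = re.compile(r"\b(wp_users|user_login|user_pass)\b")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; path and parameter names are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/May/2008:10:01:02 +0000] "GET /?s=student+union+events HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/May/2008:10:03:44 +0000] "GET /plugin.php?id=null/**/union/**/all/**/select/**/'
    'concat(user_login,0x3a,user_pass)/**/from/**/wp_users/* HTTP/1.1" 200 812',
    '203.0.113.9 - - [24/May/2008:10:04:10 +0000] "GET /plugin.php?id=1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT'
    '%2F%2A%2A%2Fuser_pass%2F%2A%2A%2FFROM%2F%2A%2A%2Fwp_users HTTP/1.1" 200 640',
]

def normalize(value):
    """Lowercase, replace SQL comments with spaces, collapse whitespace."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value.lower())).strip()

def inspect_url(url):
    """Return {parameter: [reasons]} for suspicious query-string parameters."""
    findings = {}
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        text = normalize(raw)  # parse_qsl has already percent-decoded raw
        checks = (("sql-comment", "/*" in raw),
                  ("union-select", UNION_SELECT.search(text)),
                  ("wp-users-reference", SENSITIVE.search(text)))
        reasons = [label for label, hit in checks if hit]
        # Alert on UNION SELECT, or on any two weaker signals together.
        if "union-select" in reasons or len(reasons) >= 2:
            findings[name] = reasons
    return findings

def scan(lines):
    """Return (line_number, findings) for each log line that triggers."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = inspect_url(match.group(1)) if match else {}
        if found:
            hits.append((number, found))
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```
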

Be on the lookout in the next week for a patch from www.wordpress.com / www.wordpress.org.