This is a nice headline:

"Attackers can use a vulnerability in xterm, the terminal emulator for the X Window system, to execute their commands when the user views a file with a particular escape sequence."

Source: Heise Security

xterm and I have been friends for a long time, and I was quite surprised when I saw an update in my packages list. Can anyone still doubt that application security should be our primal focus area (together with user education)?

On a related note: Yesterday and tomorrow, I'll be at the International Conference on Cyber Security (ICCS2009) in New York City. While having a heavy bias on law-enforcement, there are still some interesting talks.