WPA2 is vulnerable (hole196)
Do you think your wireless communications are secure? Think again. There is a vulnerability built into the WPA2 protocol itself! It's based on abusing the GTK (Group Temporal Key) and can be used to create man-in-the-middle and denial-of-service attacks. Too few people know this.
Category: High End
Protecting Nagios From Zero-Day Exploits with ModSecurity
You have built a rock solid firewall, tested it with nmap scanning for ports that were open, locked down SSH with port knocking, restricted outgoing ports with iptables, set up psad to block attacks, and tcp_wrappers to limit access, so you are set, right? Well, not exactly....
Category: Beginner
Remote Exim Exploit In the Wild
The news comes from the exim mailing list, where a user posted that he had his exim install hacked via a remote exploit, giving the attacker the privileges of the mailnull user, which can lead to other possible attacks. A note up at the Internet Storm Center reminds exim users how to set it up to run in unprivileged mode, and a commenter includes recompile instructions for Debian exim for added safety.
Category: High End
LinuxCon: Exploits Show Why Linux Is Vulnerable
There is a widely held belief that Linux is a completely secure operating system. But to Brad Spengler of the grsecurity project, the belief is far from accurate. And he has the kernel exploits to prove it.
Category: High End
FreeBSD bug gives untrusted root access
A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday.
Category: High End
Vulnerabilities in several PDF applications
Security holes in numerous PDF applications allow attackers to infect systems with malware. Linux distributor Red Hat has already released new packages for these applications, and other distributors are likely to follow soon.
Category: End User
Mozilla Sort of Bans Microsoft
Microsoft has exposed Firefox users to attacks for many months; Mozilla blocks Microsoft's Firefox "leech"
Category: Opposition
FreeBSD Local Root Escalation Vulnerability
It’s been a long time since we’ve heard about a problem with FreeBSD, partially because the mass of people using it isn’t that large and secondly because BSD tends to be pretty secure as operating systems go.
Category: High End
Torvalds bashes vendor-sec private Linux security list
Last week, Linux was tagged with a local NULL pointer flaw that could have led to a privilege escalation issue. Linux founder Linus Torvalds pushed a patch upstream quickly and now that patch is in the Linux 2.6.31-rc6 milestone.
Mozilla confirms new crash bug in Firefox 3.5.1 not exploitable
Mozilla has confirmed a crash bug in the latest Firefox 3.5.1 related to how its JavaScript handles certain long Unicode strings that could lead to a crash on Mac OS X, Windows and Linux.
Category: End User
Buffer overflow in Firefox 3.5.1 not exploitable
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug.
Category: High End
Dear Firefox, You Have Non-Windows Users Too
A medium-large bit of news this week is a potentially serious exploit in the shiny new freshly-released Firefox 3.5, which was released, discovered, and fixed nearly all at the same time. Another open source security success story! Except for one thing: no one bothered to report whether this dastardly flaw affects Linux.
Category: Community
Mozilla closes security hole with Firefox 3.5.1
Mozilla updated Firefox to version 3.5.1 for Windows, Mac, and Linux on Thursday, fixing a security problem, improving stability, and speeding launch time on some Windows systems, according to the release notes.
Category: End User
Mozilla Updates Firefox 3.5 for Security, Startup
Mozilla's Firefox 3.5.1 browser is now out with fixes for one critical zero-day vulnerability that first became public earlier this week.
Category: End User
Linux also affected by hole in Ralink's Wi-fi driver
The flaw discovered in Ralink's Wi-fi drivers for Windows last weekend also affects the Linux drivers – as already suspected. Attackers can exploit the hole to crash a computer remotely or possibly even inject and execute arbitrary code. Debian has released new packages for the rt2400, rt2500 and rt2570 models, but the packages need to be compiled by the user for the time being.
Category: End User