Off the wire: Wi-fi security system is ‘broken’

October 19th, 2007 tony Posted in Security No Comments »

(Via Help Net Security – News.)

More holes have been picked in the security measure designed to protect the privacy and data of wi-fi users.


Debian Security Advisory – New Linux 2.6.18 packages fix several … – Help Net Security

October 13th, 2007 tony Posted in Distributions, Security No Comments »

(Via linux news – Google News.)

Debian Security Advisory – New Linux 2.6.18 packages fix several
Help Net Security, Croatia - 35 minutes ago
This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour.

Gentoo Linux Security Advisory – DenyHosts: Denial of Service … – Help Net Security

October 13th, 2007 tony Posted in Distributions, Security No Comments »

(Via linux news – Google News.)

Gentoo Linux Security Advisory – DenyHosts: Denial of Service
Help Net Security, Croatia - 34 minutes ago
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

Insecure by Default

October 11th, 2007 tony Posted in Security No Comments »

(Via LXer Linux News.)

Guess what, I can walk up to your Ubuntu, PCLinuxOS, Debian, etc. desktop installation and take complete control over it without needing a single password. That's right, root access simply by sitting down at your computer. Why is it nearly every single distro by default leaves this gaping security hole open?


Off the wire: Secure your webserver using SSL and TinyCA

October 10th, 2007 tony Posted in Security No Comments »

(Via Help Net Security.)

SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated.


Ubuntu: xen-3.0 vulnerability

October 9th, 2007 tony Posted in Distributions, Security, Ubuntu No Comments »

(Via LinuxSecurity.com – Security Advisories.)

LinuxSecurity.com: Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guest’s grub.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.


Debian: New gforge packages fix cross-site scripting

October 7th, 2007 tony Posted in Security No Comments »

(Via LinuxSecurity.com – Security Advisories.)

LinuxSecurity.com: It was discovered that a cross-site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged-in user’s session.


Mandriva: Updated openssl packages fix vulnerabilities

October 7th, 2007 tony Posted in Security No Comments »

(Via LinuxSecurity.com – Security Advisories.)

LinuxSecurity.com: A flaw in how OpenSSL performed Montgomery multiplications was discovered that could allow a local attacker to reconstruct RSA private keys by examining another user’s OpenSSL processes (CVE-2007-3108).


Ubuntu: OpenOffice.org vulnerability

October 7th, 2007 tony Posted in Security No Comments »

(Via LinuxSecurity.com – Security Advisories.)

LinuxSecurity.com: An integer overflow was discovered in the TIFF handling code in OpenOffice. If a user were tricked into loading a malicious TIFF image, a remote attacker could execute arbitrary code with user privileges.
