LinuxSecurity.com: USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start
LinuxSecurity.com: Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's
LinuxSecurity.com: Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
LinuxSecurity.com: I am assuming that you already know how to set up an encrypted file system using cryptsetup with luks (or something else). There are several howtos. I am also assuming that you are familiar with LVM2. This tutorial deals
LinuxSecurity.com: Like many Internet addicts, I have way too many user name/password accounts to remember: accounts on social-networking sites, rarely used logins at work, on-line banking and so on. One solution to this problem is to use the same user
A vulnerability has been reported in the Site Documentation module for Drupal, which can be exploited by malicious people to disclose sensitive information. The module displays data from arbitrary tables in the database. This can be exploited to e.g. get
MajnOoNxHaCkEr has discovered a vulnerability in Fusebox, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system. Input passed to the "FUSEBOX_APPLICATION_PATH" parameter in fusebox5.php is not properly verified before being used to
Russ McRee has reported a vulnerability in phpVID, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "query" parameter in search_results.php is not properly sanitised before being returned to the user. This can
The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms
[UPDATE: For more on this issue, check out this post.] I'm a firm believer in the idea that if you pay for hardware, you should be able to make full use of it. However, DRM and content protection mechanisms are
So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian-based systems (Debian and the whole of the Ubuntu family) to remove the seed used for PRNG (Pseudo Random Number Generator) used when
Notable headlines: Larry Dignan: Comcast buys Plaxo: Will social networking and TV fly? Dennis Howlett: Comcast scoops up Plaxo: good move Dan Farber: Comcast goes social with Plaxo acquisition Techmeme EIC podcast: HP-EDS; Google; SaaS Adrian...
According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London. This will
Nitesh Dhanjani released information about some of his newest research on the Safari web browser this morning, and interestingly enough, Apple has decided NOT to fix some of the issues he presented. Dhanjani reported three issues, as follows below from