security

CloudFlare Rolls Out Free SSL

LinuxSecurity.com - Tue, 2014-09-30 04:06
LinuxSecurity.com: In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free.
Categories: linux, news, security

Honeypot Snares Two Bots Exploiting Bash Vulnerability

LinuxSecurity.com - Tue, 2014-09-30 04:05
LinuxSecurity.com: A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability.
Categories: linux, news, security

Red Hat: 2014:1319-01: xerces-j2: Moderate Advisory

LinuxSecurity.com - Mon, 2014-09-29 12:07
LinuxSecurity.com: Updated xerces-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Slackware: 2014-272-01: bash: Security Update

LinuxSecurity.com - Mon, 2014-09-29 12:04
LinuxSecurity.com: New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]
Categories: linux, news, security

Ubuntu: 2365-1: LibVNCServer vulnerabilities

LinuxSecurity.com - Mon, 2014-09-29 08:15
LinuxSecurity.com: Several security issues were fixed in LibVNCServer.
Categories: linux, news, security

NSA Patents Available for License

Schneier on Security - Mon, 2014-09-29 06:02
There's a new article on NSA's Technology Transfer Program, a 1990s-era program to license NSA patents to private industry. I was pretty dismissive about the offerings in the article, but I didn't find anything interesting in the catalog. Does anyone see something I missed? My guess is that the good stuff remains classified, and isn't "transferred" to anyone. Slashdot thread....
Categories: security

Mandriva: 2014:191: perl-XML-DT

LinuxSecurity.com - Mon, 2014-09-29 05:12
LinuxSecurity.com: Updated perl-XML-DT package fixes security vulnerability: The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file (CVE-2014-5260). [More...]
Categories: linux, news, security

Hacker Group Lizard Squad Takes Down Destiny, Call of Duty, FIFA And More

LinuxSecurity.com - Mon, 2014-09-29 03:55
LinuxSecurity.com: It's been over a full month since hacker collective 'Lizard Squad' rose to notoriety for taking down Sony's PlayStation Network, Xbox Live and other gaming servers, but above all else attracting the FBI's attention for tweeting out a bomb threat to a Sony executive's American Airlines flight, which grounded the plane and launched a nationwide hunt for the group.
Categories: linux, news, security

Shellshock makes Heartbleed look insignificant

LinuxSecurity.com - Mon, 2014-09-29 03:54
LinuxSecurity.com: Somehow there always seems to be another Internet security disaster around the corner. A few months ago everyone was in a panic about Heartbleed. Now the bug called Shellshock (officially CVE-2014-6271), a far more serious vulnerability, is running uncontrolled over the Internet.
Categories: linux, news, security

Slackware: 2014-271-03: seamonkey: Security Update

LinuxSecurity.com - Sun, 2014-09-28 17:47
LinuxSecurity.com: New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
Categories: linux, news, security

Slackware: 2014-271-01: mozilla-firefox: Security Update

LinuxSecurity.com - Sun, 2014-09-28 17:46
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
Categories: linux, news, security

Slackware: 2014-271-02: mozilla-thunderbird: Security Update

LinuxSecurity.com - Sun, 2014-09-28 17:46
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
Categories: linux, news, security

Debian: 3039-1: chromium-browser: Summary

LinuxSecurity.com - Sun, 2014-09-28 10:25
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Debian: 3038-1: libvirt: Summary

LinuxSecurity.com - Sat, 2014-09-27 06:53
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Ubuntu: 2364-1: Bash vulnerabilities

LinuxSecurity.com - Sat, 2014-09-27 00:15
LinuxSecurity.com: Several security issues were fixed in Bash.
Categories: linux, news, security

Friday Squid Blogging: Squid Fishing Moves North in California

Schneier on Security - Fri, 2014-09-26 16:28
Warmer waters are moving squid fishing up the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Categories: security

Bash Shellshock Flaw (September 25, 2014)

SANS NewsBites - Fri, 2014-09-26 15:00

A serious flaw in a software component called Bash is said to be more serious that the Heartbleed vulnerability that was disclosed earlier this year.......

Categories: security

Shellshock Flaw is Being Actively Exploited (September 25, 2014)

SANS NewsBites - Fri, 2014-09-26 15:00

There are reports that attackers have already begun exploiting this flaw to infect vulnerable servers around the world.......

Categories: security

Shellshock May Further Marginalize Open Source Software (September 25, 2014)

SANS NewsBites - Fri, 2014-09-26 15:00

Nicole Perlroth's article in the New York Times tells the story of how Bash and its flaw came to be.......

Categories: security

New Scripting Language Will Limit Permissions (September 25, 2014)

SANS NewsBites - Fri, 2014-09-26 15:00

Researchers at Harvard University are developing a scripting language called Shill that is based on the principle of least privilege.......

Categories: security