LinuxSecurity.com: Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.
LinuxSecurity.com: USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
LinuxSecurity.com: John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple light on the top of the machine flashed, signaling a $4,300 jackpot.
LinuxSecurity.com: RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow.
LinuxSecurity.com: The irony was not lost on Johnny Long. On the silver screen, both hackers and zombies are typically associated with disaster, so the fact that he was at a zombie-themed security conference to speak about hackers making a positive difference in the world seemed satirical.
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel
before 3.14.3 does not properly consider which pages must be locked,
LinuxSecurity.com: Updated bugzilla packages fix security vulnerabilities:
If a new comment was marked private to the insider group, and a flag
was set in the same transaction, the comment would be visible to flag
recipients even if they were not in the insider group (CVE-2014-1571).
LinuxSecurity.com: Updated perl and perl-Data-Dumper packages fix security
The Dumper method in Data::Dumper before 2.154 allows
context-dependent attackers to cause a denial of service (stack
LinuxSecurity.com: Updated mediawiki packages fix security vulnerability:
MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
LinuxSecurity.com: We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you've been there in the past and latches on to its signal, without you thinking too much about it.
LinuxSecurity.com: FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals.
That's a lot. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Commenting has been broken for the past few days. We hope to get it fixed on Monday....
Simply patching systems against the Bash/Shellshock vulnerability may not be adequate.
Cyber security needs to be built into the acquisitions process for battlefield components.
FBI Director James Comey has admitted that in some cases, his agency does collect information without a warrant.
A critical vulnerability in Drupal 7.
South Korea is considering reissuing national ID cards for every citizen following a series of breaches that compromised the current national ID numbers of nearly 80 percent of the country's population.