Shell Attack On Your Server: Bash Bug ‘CVE-2014-7169’ and ‘CVE-2014-6271’

Posted by:

bashbug and shellshockA serious vulnerability has been found in the Bash command shell, which is commonly used by most Linux distributions. This vulnerability – designated asCVE-2014-7169- allows an attacker to run commands on an affected system. In short, this allows for remote code execution on servers that run these Linux distributions

Whats the bug (vulnerability)?

The most popular shell on *nix environments has ...

Read More →
0

Covert Redirect Is Just a Flaw It’s Not Another Heartbleed

Posted by:

covert redirect is no heartbleedBut That Doesn’t Mean Its Not A Problem

On Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called “Covert Redirect,” promoting it as a vulnerability in OAuth 2.0 and OpenID. Yet Jing’s contention of security flaws in OAuth and OpenID has serious flaws of its own, according ...

Read More →
0

Heartbleed: Researchers Claim That 95% Of Detection Tools Are Flawed

Posted by:

heartbleed bug tools flawed

You’re Not Out Of The Woods Yet….

If you’ve used one of the free Heartbleed checker tools on the Internet and your site came up “clean” for Heartbleed, you might think again before you breath a sigh of relief.  There’s a good chance you haven’t really checked everything and there’s an even better chance your sites not free from exposure.

Some tools designed to detect the Heartbleed vulnerability are flawed and ...

Read More →
0

New Red Herring Honeypot Fights Heartbleed

Posted by:

red herring honeypotWASHINGTON: US cybersecurity researchers have developed a technique that fights the ‘Heartbleed’ virus, and detects and entraps hackers who might be using it to steal sensitive data.

The Heartbleed bug, which became public last week, has set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.

Researchers at The University of Texas at Dallas ...

Read More →
0

Akamai Heartbleed Patch – Not So Much!

Posted by:

Heartbleed Patch - Akami

Since Akami handles almost 1/3 of the Internet’s traffic so their patch that didn’t patch so much is a big deal.

Akami’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.

Writing on his company’s blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher ...

Read More →
0
})
SEC Cybersecurity Exams