E-Mail:

Security

Author Avatar

Exploit code released for Nvidia flaw

Alright, so is this Nvidia code bug fixed or isn’t it? From what I am seeing, it appears that there are some conflicting reports.
Exploit code has been published for a security flaw in Nvidia’s Linux graphics driver that could let a remote intruder take over a system.
The proof-of-concept code shows how an attacker could launch […]

Author Avatar

Linux worm turns on Mambo and PHP

Hey Mambo and PHP users, you might want to make yourself aware of the security alert going around with regard to a nasty Linux worm working its way through certain systems.

Author Avatar

What Will Apple Do When the Malware Comes?

For the most part, the idea of malware in Linux and OS X has been all but laughable. Still, I would challenge folks to tell me that having an outbreak in the future would be impossible. Sure, we do have that great Unix-styled security with limited access by default. But who’s to say what the […]

Author Avatar

Windows - unsafe on any network

Personally, I think it’s unbelievable how unaware some folks are when it comes to now securing an OS properly. The article below really sums it all up I think…

Author Avatar

ClamAV hole sees Linux vendors rush out updates

I suppose some might argue that this is what we should expect from an Open Source antivirus. Speaking for myself, I think it could happen to any antivirus app…

Author Avatar

Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow

I can’t get the current iDefence vulnerabilities page - I suspect it is because there are far too many people trying to get that page served to them (to do my part I’ve stopped trying to get it…) This info is from the e-mail that was sent to the mailing list. Sorry about […]

Author Avatar

Linux/BSD still exposed to WMF exploit through WINE!

George Ou writes on ZDNet.com Blogs,
While news of Microsoft’s official patch for the WMF exploit reaches the web, I just received an email from H D Moore (founder of the metasploit project and creator of the original proof-of-concept WMF exploit code) that WINE was still vulnerable to the WMF exploit. He was kind enough […]

Author Avatar

Opera Command Line URL Shell Command Injection

Secunia Advisory: SA16907
Critical: Highly critical -
Impact: System access -
Where: From remote -
Solution Status: Vendor Patch -
Software: Opera 7.x, Opera 8.x

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to the shell script used to launch Opera parsing shell commands that are […]

Author Avatar

Nine principles of security architecture

Apparently getting into the groove with security architecture is not as cut and dry as we once thought?

Author Avatar

Linux Real, HelixPlayer Users at Risk

Well, this certainly blows. Apparently the Real Player for Linux has some flaws that could spell trouble for ‘Joe-User’ out there. With any luck, the flaw will be fixed here soon. Until then, I think that I will skip over this myself.

Author Avatar

Peter van der Linden’s Guide to Linux: A Lesson in Encryption, Part 1

With most people, when they think encryption, they think of things like PGP encryption. But how many of us truly understand it? Not as many as we might like to think apparently. Good thing there are guides like this to help us along the way.

Author Avatar

Thunderbird Command Line URL Shell Command Injection

A vulnerability has been discovered in Thunderbird, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to the shell script used to launch Thunderbird is parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute […]

Author Avatar

Mozilla Command Line URL Shell Command Injection

“Secunia Advisory: SA16846
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla 1.7.x
A vulnerability has been discovered in Mozilla Suite, which can be exploited by malicious people to compromise a user’s system.
For more information: SA16869
This vulnerability can only be exploited on Unix / Linux based environments.
The vulnerability has been confirmed in version 1.7.11. Other versions […]

Author Avatar

Firefox Command Line URL Shell Command Injection

“Secunia Advisory: SA16869
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 1.x

Author Avatar

No magic bullet for security

I am too tired today and will refrain from getting onto my soapbox. I will say for the record that while MS works hard at using the word security, they still need to do something about their own track record before most people will ever take them seriously when compared to OSS in the security […]

Author Avatar

Symantec to unveil security intelligence tools

As concerns of Internet and system security continues to rise, it seems like Symantec is ready to step up the plate with an answer of their own. How does Linux play into this? Just read on to find out…

Author Avatar

Hardening Your Linux Box

One of the hottest debates of late is about the security of Windows vs. the security of Linux. Personally, I think it’s becoming an argument of semantics. Yes, an unpatched box of either flavor is bound to get nailed at some point in time. In fact, anything you connect to the Internet without proper security […]

Author Avatar

KDE KMail User Interface Spoofing Vulnerability

“Secunia Advisory: SA14925
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: KDE 3.x
Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.
The vulnerability is caused due to an error where HTML code can overlay part of the user interface. This can e.g. be exploited to trick a user […]

Author Avatar

Linux Kernel Multiple Vulnerabilities

“Secunia Advisory: SA14713
Release Date: 2005-03-29
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Linux Kernel 2.4.x, Linux Kernel 2.6.x
Multiple vulnerabilities have been reported in the Linux kernel, which can be exploited to disclose information, cause a DoS (Denial of Service), gain escalated privileges, or […]

Author Avatar

Konqueror Download Dialog Source Spoofing

“Secunia Advisory: SA13717
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: Konqueror 3.x
Secunia Research has discovered a vulnerability in Konqueror, which can be exploited by malicious people to spoof the source displayed in the Download Dialog box.
The problem is that long sub-domains and paths aren’t displayed correctly, which therefore can be exploited to obfuscate what is […]