Posts

Showing posts from 2014

SSL 3.0 POODLE Vulnerability

Shellshock Update

The Shellshock Vulnerability ( CVE – 2014 – 6271/7169) has been rated as a 10/10 for criticality and therefore should be addressed as soon as possible.  To remedy the issue you will need to first work out which systems are affected and apply the relevant vendor patches.

Any system running a linux or linux based OS could potentially be at risk, including some versions of OS X, therefore keep in mind all appliances as well as servers and workstations when investigating your estate.
Most vendors have by now issued statements as to the current status of their products so visiting the vendor websites is always a good place to start.

Visit this site to find out more information and how to test for the vulnerability.

https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/

ShellShock - Fortinet's Response

Fortinet's Response to Shellshock vulnerability.

What is Shellshock?

Shellshock is a vulnerability discovered in the ubiquitous GNU Bourne Again Shell (Bash) program which can allow an attacker to remotely execute arbitrary code on a target system. Bash is commonly used in many Linux, Unix and Mac OS X operating systems. It also likely impacts Apple's iOS mobile operating system and Google's AndroidOS.

Who is affected?
While Bash is a local shell, it is used in many programs on the Internet to set environment variables which are then used in the execution of other programs.

How does it work?
Programs often use environment variables in their operations. If specially crafted extra code is added inside an environment variable, the operating system will execute that code. For example:

Should I be worried?
If you are the owner or maintainer of a server or other Internet infrastructure, you should patch your machines as quickly as possible. The nature of this exploit is such that it wou…

HeartBleed Vulnerability

It's been quite a while since a vulnerability like this has been uncovered.  There is no doubt that this is a serious one and it affects many products.  What makes this a problem is not only that it has serious consequences, but also that it isn't that hard to exploit.  Affected versions of OpenSSL have also been around for a long time since around April 2012 meaning the impact up to now is unknown.
Recommendations are to patch the affected products, renew certificates and ensure users change their passwords.

OpenSSL versions 1.0.1 - 1.0.2.  OpenSSL advise Affected users should upgrade to
OpenSSL 1.0.1g and users unable to immediately upgrade can opt to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.  1.0.2 will be fixed in 1.0.2-beta2.

The list below are links to some of the affected products.  There are many more.

VMWare
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

Fortinet
http://www.fortiguard.com/advisory/FG…

If you are still running Windows XP then you should migrate.

As we know, many home users and businesses are still running Windows XP as their Desktop Operating System. With support for Service Pack 3 ending in April this year (2014), the likelihood of increased malware and virus' is very high on these systems. This information should not be taken lightly, due to the very real threat which will continue to rise the older the Operating System gets. If a vulnerability is found and remains un-patched then businesses will be taking unnecessary risks. When support is discontinued there will be no patches so the security holes will remain open waiting to be exploited. Contrary to what many believe, this isn't Microsoft looking for ways to make more money. XP is three generations old if you count Vista, Windows 7 and now Windows 8. It's time to upgrade Windows or Migrate to a different OS completely.

Credit Card Fraud Warning

I received a voicemail, then text then a call to my home phone from the bank to call them. I verified the number was legit and contacted the bank. They didn't ask any questions but were able to verify my recent transactions so were genuine. However twenty minutes prior to the call someone had placed an order on Play.com for £500 using my details. Luckily for me the bank had the sense to block the transaction and contact me. I had to cancel my card. I decided to contact Play.com to tell them what had happened and after some cross referencing they could see that an order had been placed on a very recently created account using my bank details, but a different delivery address. The customer services lady was a bit shocked when she then cross referenced the delivery address to find that six other orders using other peoples details had also been placed today for delivery to that address. Unfortunately for those people it looks as if the transactions had at that point completed. …

Yahoo Email Security Breach

Click here to read the article. Yahoo Mail Breach