Ubuntu Security Notice 2367-1 – For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure renegotiations. This update removes the cipher list truncation workaround when forcing the use of TLSv1.2.
Monthly Archives: October 2014
RBS Change Complet Open Source Cross Site Request Forgery
RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.
Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime
A number of cloud service providers like Amazon Web Services and Rackspace had to shut some systems down over the weekend to address a critical Xen security vulnerability.
GNU Bash 4.3.11 dhclient Shellshocker
GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.
HTTP File Server 2.3a / 2.3b / 2.3c Remote Command Execution
HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability.
Support Scammers: Hoping to Reign in Spain?
More about the support scammer trend towards finding victims in Spain who aren’t fluent English speakers.
The post Support Scammers: Hoping to Reign in Spain? appeared first on We Live Security.
Kolibri Webserver 2.0 Buffer Overflow
Kolibri Webserver version 2.0 buffer overflow exploit with EMET 5.0 and EMET 4.1 partial bypass.
Second Same-Origin Policy Bypass Flaw Haunts Android Browser
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user’s browser.
Facebook set to hand over users’ information to third-party advertisers
Facebook will hand over users’ information to advertisers to enable them to advertise more effectively on third-party portals. This will be done through the Atlas platform that compiles data from the social network and uses it on external websites.
This way, if you click ‘like’ on a clothing website, you will begin to see adverts for similar products when you visit other pages.
So, with the data gathered from Facebook a history of likes and preferences is compiled which helps advertisers identify potential customers.
Advertising on Facebook
Until now, advertising on Facebook was done using cookies that registered your ‘likes’ as you visited other Internet pages. So when you were in Facebook you would be shown adverts in accordance with your preferences.
The aim of this latest methodology is to improve the effectiveness of advertising, and to track people’s preferences on mobile devices, which is what Atlas can do through Facebook.
What do you think? Are we losing privacy with these kinds of initiatives?
More | Android users under attack through malicious ads in Facebook
The post Facebook set to hand over users’ information to third-party advertisers appeared first on MediaCenter Panda Security.
How to keep your child safe on YouTube
YouTube is one of the most popular websites in the world, but can expose younger viewers to inappropriate content. By following these 5 precautionary measures you can keep your child safe from any content that may be unsuitable.
The post How to keep your child safe on YouTube appeared first on We Live Security.
