Ubuntu Security Notice 2485-1 – It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.
Monthly Archives: January 2015
Red Hat Security Advisory 2015-0090-01
Red Hat Security Advisory 2015-0090-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems
A critical remote code execution vulnerability in the GNU C library glibc affects all Linux systems going back to 2000.
Data Privacy Day 2015: Respecting privacy, safeguarding data, enabling trust
January 28 is Data Privacy Day, an international acknowledgment of the importance of privacy in an increasingly data-driven world. The key themes of Data Privacy Day this year are: Respecting privacy, Safeguarding data, Enabling trust.
The post Data Privacy Day 2015: Respecting privacy, safeguarding data, enabling trust appeared first on We Live Security.
Marriott fixes Android app exploit that could expose personal data
Marriott International has fixed an exploit in their Android app, that could expose personal details for customers of the hotel chain, highlighted by a security researcher.
The post Marriott fixes Android app exploit that could expose personal data appeared first on We Live Security.
CEBA-2015:0089 CentOS 6 gdbm FASTTRACK BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:0089 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0089.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ff6addf9697a57eca18c2424bc6791648caa99c105f2b8c1c9d6c136b6afd7d3 gdbm-1.8.0-38.el6.i686.rpm a5efc92ffa4f3a35f7cbb8e34dfa4e6eb52a835a8a79db96b7e44c0aa2cded13 gdbm-devel-1.8.0-38.el6.i686.rpm x86_64: ff6addf9697a57eca18c2424bc6791648caa99c105f2b8c1c9d6c136b6afd7d3 gdbm-1.8.0-38.el6.i686.rpm 8ff51f12fff5cdac53e72f0dc757d53a5aa4093b8b0fd704684df9e520639a2a gdbm-1.8.0-38.el6.x86_64.rpm a5efc92ffa4f3a35f7cbb8e34dfa4e6eb52a835a8a79db96b7e44c0aa2cded13 gdbm-devel-1.8.0-38.el6.i686.rpm eb06ba9ec5565e7c6c9971ef6a0289b89ce76461d19571af46730e1e50fd53f2 gdbm-devel-1.8.0-38.el6.x86_64.rpm Source: 161cd66d7663b9f549aee37358060dc32cff2017f62ce853ed9fa096b751a0f2 gdbm-1.8.0-38.el6.src.rpm
It only took a few photos to copy the fingerprint of the Minister of Defense: Could the same happen to you?
The papillary ridges of our fingers define us as unique in the universe. That is why our fingerprints are being used more in the biometric security field; our finger conceals a password that is difficult to steal.
Computers and smartphones are already adopting this technology. The iPhone 6 and Samsung Galaxy S5 incorporate a fingerprint scanner so that you are the only one who can unlock your phone. With this system, you can supposedly rest easy in the knowledge that if your phone is stolen, the thief will be left flabbergasted when he realizes that he cannot access the valuable data stored on it.
However, we are sorry to tell you that there is a way of getting your fingerprint and don’t think that we are going to talk about amputating one of your limbs. A few photos of your finger can now be used to copy every tiniest detail of your fingerprint and impersonate you, as demonstrated by security expert Jan Krissler, alias “Starburg”, in a conference organized by the Chaos Computer Club, one of Europe’s largest hacker communities.
Last year, the Chaos Computer Club announced that it had managed to hack the iPhone 5S fingerprint scanner. Now, they have moved on from hacking the security of the device to hacking the security of a finger, without even needing to have physical contact.
Krissler explained that he had copied the fingerprint of German Defense Minister, Ursula von der Leyen, without needing an object that the politician had touched. All he needed was a few photos taken with a standard camera (one of them from her press office) to discover all of the data that the minister has in her fingerprint. In order to carry out the experiment, he combined various images showing von der Leyen’s finger from different angles.
This hacker used Verifinger, a commercial fingerprint identification software, to clone the minister’s thumbprint using the photos. A simple method for getting the fingerprint of anyone you want.
“After this talk, politicians will presumably wear gloves when talking in public,” said the hacker during the presentation. We do not know if the minister will be as happy about this cloning and will now be obsessed with hiding her hands in future public appearances.
Jan Krissler, who has researched weakness in biometric security systems at the Technical University of Berlin, demonstrated the effectiveness of his method during the conference. This is not the first time that the hacker has demonstrated that the famous biometric techniques, which base their security on unique features of our body (the fingerprint, retina, iris or facial features), are not as secure as we thought. This hacker reproduced in 2008 the fingerprint of the German Minister of the Interior at the time, now Minister of Finance, Wolfgang Schäuble.
According to Krissler, iris, facial and fingerprint scanners can be fooled easily. “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it”.
Even our body is no longer a safe place if a hacker has the brilliant idea of copying our features. So, if you have an iPhone, perhaps the next time you use the fingerprint sensor, you will bear in mind that someone could copy your beautiful finger using a few Facebook pictures that show your fingers from different angles. However, you can rest more easily knowing that your data is not as interesting as that of a politician and no hacker is going to take the trouble to copy your fingerprint. Anyone who is not content with that does not want to be.
The post It only took a few photos to copy the fingerprint of the Minister of Defense: Could the same happen to you? appeared first on MediaCenter Panda Security.
Venafi to Launch Certificate Transparency Log
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by Google. As part of […]