Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.
Monthly Archives: March 2015
[ MDVSA-2015:186 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:186 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : phpmyadmin Date : March 31, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in phpmyadmin: libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests (CVE-2015-2206). This upgrade provides the latest phpmyadmin version (4.2.13.2
[ MDVSA-2015:185 ] dokuwiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:185 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : dokuwiki Date : March 31, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated dokuwiki packages fix security vulnerabilities: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762). DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows r
How to withdraw money safely without a credit card
We have been warned many times, advised to hide the hand while dialing our secret number when withdrawing money from an ATM. However, cloning credit cards or phishing is a criminal offense that doesn’t require the cybercriminal’s physical presence to access numbering scheme, expiration date and CVC number.
The methods used by criminals include, fake emails from the alleged entity asking to change the passwords or enter the pin, or hacked POS terminals which transfer the customers banking information. Once duplicated, card can also become a commodity between criminals, dealing with them in an online black market.
Neither the traditional magnetic stripe nor the latest chip installations have managed to slow down cloning. This latest technology seemed promising: it generates a unique code for each transaction, which hinders fraud.
Nevertheless, security experts at Cambridge University demonstrated that data phones and ATMs fail when producing random numbers. Actually, it can be predicted applying the needed methods.
Banks are looking for alternatives to protect their customers from possible attacks. The latest idea is eliminate credit cards (if something creates problems, what a better solution than to wipe it away) and replace them with mobile phones. If we are already able make transactions with our smartphone, why wouldn’t we be able to withdraw money?
BMO Harris Bank, one of the subsidiaries of Bank of Montreal Canadian, has launched the biggest ATMs network that uses this new system. In order to use them you don’t need to remember any password, or cover your hand while dialing the pin with the other one.
The entity’s customers only have to take out their mobile phone, download and register in to the banking application Mobile Cash. What follows it is nothing like the traditional method, of pressing the machine’s keys or the screen.
The app asks the user the amount he wants to withdraw and only saves the banking details during the communication with the ATM, where he must select the option Mobile Cash.
Then the machine generates a QR code, like the ones airlines or concerts halls use. Simply hold the smartphone so it reads the QR code and automatically orders the withdrawal.
Those who are for this system, maintain that it will speed up transactions and it ensures safety, since the mobile tool doesn’t store any banking information on your phone permanently.
A cybercriminal has to access your mobile phone and get the password you use in the banking application to freely manage the money in your account. Although some banks believe this is not an easy process, the issue may raise a number of concerns.
Every day we discover new cases of apps that without the user’s permission access certain personal data, information stored on other features and smartphones vulnerabilities and backdoors. How can an application guarantee complete security?
Withdrawing money through our smartphone is still not available worldwide. But when the possibility arrives we will have to analyze the possible consequences it may carry. Convenience and speed in transactions are not the only things that matters.
The post How to withdraw money safely without a credit card appeared first on MediaCenter Panda Security.
Stop what you’re doing and back up your work
Today, we celebrate World Backup Day with a reminder of how important it is to back up our data.
Data loss can occur when least expected, and it’s a shame that so many irreplaceable digital memories are lost. For businesses, it can be costly – the kind of costs that can close the doors!
So take the pledge today, and then get busy.
“I solemnly swear to back up my important documents and precious memories on March 31st.”
What is a backup?
A backup is a second (and sometimes third) copy of all your important files — for example, your family photos, home videos, documents and emails. It’s not something you do once a year and forget about; a good backup plan will be continuous and include multiple layers to not only recover your data but also include steps for data preservation.
The rule of thumb for backing up is
- 3 copies of anything you care about – Two isn’t enough if it’s important.
- 2 different formats – Example: Dropbox + DVDs or Hard Drive + Memory Stick or CD + Crash Plan, or more
- 1 off-site backup – If the house burns down, how will you get your memories back?
Experts advise that you store two copies of your files in external storage media. That can be a local drive on your computer, an external hard drive, you could print documents, burn a DVD, etc. You can backup important files or your entire computer. Another copy should be kept off-site. Many people use an “online drive” like Drop Box or Google Drive. “Cloud” backups are great for people who want to keep only their most important documents safe because there is usually only a certain amount of storage that’s free.
Don’t forget to back up the data on your mobile devices
Thirty seven percent of respondents we surveyed said they do not back up their data. Don’t wait until your device is lost or destroyed – today is the day to do your first backup!
If you have an Android mobile phone or tablet, install our free Avast Mobile Backup to back up your contacts, call logs, SMS text messages, and other data to your Avast account or Google Drive.
Why people don’t back up their mobilephones and other facts
Devastation. The feeling you get when you realize your mobile phone is missing. All those photos, contacts, and other stuff – gone forever. Why? Because it wasn’t backed up.
Just in time for World Backup Day, Avast conducted a global survey to find out whether or not people back up data on their mobile devices. We received responses from 288,000 users in countries including the United States, Germany, India, Mexico, and Russia.
In order to get an idea of which kinds of data users store on their devices, we began the survey by asking respondents for what purposes they use their mobile devices aside from making calls and sending text messages.
In response, we found that two out of ten people use their mobile device to take photos, 18% browse the Internet, 17% listen to music/watch videos, and 16% use social networking apps like Facebook and LinkedIn.
Why do people not back up their data?
Put simply, most people don’t think it is necessary to back up their data. Globally 36% and nearly half of Russian’s do not think it is necessary (48%).
Almost a quarter of the world attributes not backing up their data to laziness (24%). Thirty-two percent of Indian people admit that they are too lazy to do a back up.
Thirty-six percent of British respondents claimed not to back up their data because they believe their data is not valuable, compared to only 22% of global respondents citing this as their reason for not backing up their mobile data.
What is more valuable to mobile users: hardware or data?
Now that we established that lots of people don’t care about their data, are too lazy to prevent its loss, or don’t think its worth the trouble, we then asked users what they would be more upset about losing: their data (that has not been backed up) or their device (the hardware).
Globally, 64% of people would be more upset about losing their data that has not been backed up rather than the device itself. Respondents in Mexico backed up this claim most significantly, with 78% of Mexican users claiming they would be more upset about losing their data than losing their hardware.
Which data are people worried about losing?
Across the board, users were most heavily concerned about losing the contacts stored on their mobile device (25%) and photos (21%). Despite these concerns, 37% of respondents said they do not back up their data. Brazilians are the least likely to back up their data (45%), yet 64% of Brazilians would be upset about losing it.
Why you should back up your mobile data
We use our mobile devices to make important calls, capture valuable moments, browse the web, to use our favorite apps and so much more. Anything can happen to your mobile device in a split second; it could fall into the toilet, go missing (either through loss or theft) or even get run over by a car! Yet, as we discovered, many do not back up the data they consider indispensable.
How to back up your data
You can back up your data in many ways: by connecting your mobile device to a PC (like nearly one-third of global users do. See below.), connect to a Cloud service (like Dropbox, iCloud, or Google Drive) or use a mobile back up app like Avast Mobile Backup.
When people actually do back up their data, how do they go about it?
The majority of those who do back up their data back it up on a monthly basis (41%), while another 8% back it up on a daily basis.
Most people back up their data by connecting to a PC (32%) — only 17% back up their data to the Cloud. When we inquired about this difference in numbers, 46% of users expressed their reluctance to back up to the Cloud due to privacy concerns. Germans were the most concerned about their privacy when it came to Cloud back up (61%), with Spanish (58%) and American (57%) respondents close behind them.