[ MDVSA-2015:059 ] nss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:059
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

[ MDVSA-2015:058 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:058
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

Mozilla Releases Open Source Masche Forensics Tool

Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. […]

MDVSA-2015:059: nss

Multiple vulnerabilities have been found and corrected in the Mozilla
NSS and NSPR packages:

The cert_TestHostName function in lib/certdb/certdb.c in the
certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is
embedded in an internationalized domain name’s U-label, which might
allow man-in-the-middle attackers to spoof SSL servers via a crafted
certificate (CVE-2014-1492).
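The CVE-2014-1492 entry above is about where a certificate's wildcard is allowed to sit. The following is an added example written for this page, not NSS code and not its cert_TestHostName function: a small host-name matcher whose policy (modelled on the RFC 6125 section 6.4.3 recommendations) refuses a '*' that appears outside the leftmost label, inside a non-ASCII label (a U-label) or an "xn--" A-label, or in a pattern such as "*.com". The function names, the policy choices and all certificate and host names are constructed for the example; it goes slightly beyond the advisory text by also doing the actual match once a pattern has been accepted.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two byte ranges of equal length n. */
static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

/* Decide whether a certificate name containing '*' is a wildcard we are
 * willing to honour at all. Policy of this example (an assumption, modelled
 * on RFC 6125 section 6.4.3):
 *   - at most one '*', and only in the leftmost label;
 *   - that label must be pure ASCII (so it cannot be a U-label) and must
 *     not be an A-label ("xn--...");
 *   - at least two labels must follow, so "*.com" is refused.
 * A name without '*' is always acceptable (it is matched literally). */
bool wildcard_pattern_acceptable(const char *pattern)
{
    const char *star = strchr(pattern, '*');
    if (star == NULL) return true;
    if (strchr(star + 1, '*') != NULL) return false;      /* two wildcards */
    const char *dot = strchr(pattern, '.');
    if (dot == NULL || star > dot) return false;          /* not in leftmost label */
    size_t llen = (size_t)(dot - pattern);
    for (size_t i = 0; i < llen; i++)
        if ((unsigned char)pattern[i] >= 0x80) return false;   /* U-label */
    if (llen >= 4 && eq_nocase(pattern, "xn--", 4)) return false; /* A-label */
    const char *dot2 = strchr(dot + 1, '.');
    return dot2 != NULL && dot2[1] != '\0';
}

/* Match a host name against a certificate name. The wildcard covers exactly
 * one label, must match at least one character, and is only honoured when
 * wildcard_pattern_acceptable() allows it. Comparison is case-insensitive. */
bool hostname_matches(const char *pattern, const char *host)
{
    if (!wildcard_pattern_acceptable(pattern)) return false;
    const char *star = strchr(pattern, '*');
    if (star == NULL)
        return strlen(pattern) == strlen(host) && eq_nocase(pattern, host, strlen(host));
    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');
    if (hdot == NULL) return false;
    /* Everything after the leftmost label must match exactly. */
    if (strlen(pdot) != strlen(hdot) || !eq_nocase(pdot, hdot, strlen(pdot)))
        return false;
    /* Leftmost label: the literal prefix before '*' and the suffix after it
     * must match, with at least one host character consumed by the '*'. */
    size_t prefix = (size_t)(star - pattern);
    size_t suffix = (size_t)(pdot - star - 1);
    size_t hlabel = (size_t)(hdot - host);
    if (hlabel < prefix + suffix + 1) return false;
    return eq_nocase(pattern, host, prefix) && eq_nocase(star + 1, hdot - suffix, suffix);
}

int main(void)
{
    /* Constructed certificate names and host names, not taken from any real cert. */
    static const char *const pairs[][2] = {
        { "*.example.com",          "www.example.com" },
        { "*.example.com",          "a.b.example.com" },
        { "*.com",                  "example.com" },
        { "xn--*.example.com",      "xn--bcher-kva.example.com" },
        { "b*\xc3\xbc.example.com", "bxn.example.com" },
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-28s vs %-28s -> %s\n", pairs[i][0], pairs[i][1],
               hostname_matches(pairs[i][0], pairs[i][1]) ? "match" : "no match");
    return 0;
}
```

The point of splitting the check into wildcard_pattern_acceptable() and hostname_matches() is that the first question (is this wildcard even eligible?) is answered from the certificate name alone, before any host name is compared, which is exactly the place where the pre-3.16 behaviour described above was too permissive.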

Use-after-free vulnerability in the CERT_DestroyCertificate function
in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used
in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird
before 24.7, allows remote attackers to execute arbitrary code via
vectors that trigger certain improper removal of an NSSCertificate
structure from a trust domain (CVE-2014-1544).

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x
before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox
before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before
31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2,
Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124
on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does
not properly parse ASN.1 values in X.509 certificates, which makes
it easier for remote attackers to spoof RSA signatures via a crafted
certificate, aka a signature malleability issue (CVE-2014-1568).

The definite_length_decoder function in lib/util/quickder.c in
Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x
before 3.17.3 does not ensure that the DER encoding of an ASN.1
length is properly formed, which allows remote attackers to conduct
data-smuggling attacks by using a long byte sequence for an encoding,
as demonstrated by the SEC_QuickDERDecodeItem function’s improper
handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).
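The CVE-2014-1569 entry turns on one DER rule: a length must be encoded in the fewest octets possible, so zero has exactly one valid encoding (a single 0x00 byte) and "84 00 00 00 00" is not DER at all. The following is an added example written for this page, not NSS's definite_length_decoder or any other NSS code: a lenient length decoder that accepts such overlong encodings, beside a strict one that rejects them and also refuses a declared length larger than the bytes that follow it. All function names, the error codes and the sample byte strings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum der_len_status {
    DER_OK = 0,
    DER_ERR_TRUNCATED,   /* buffer ends before the length field is complete */
    DER_ERR_INDEFINITE,  /* 0x80: indefinite form is BER, never valid DER */
    DER_ERR_NONMINIMAL,  /* long form used where a shorter encoding exists */
    DER_ERR_TOOLONG,     /* more length octets than this decoder supports */
    DER_ERR_OVERFLOW     /* declared length exceeds the bytes that follow it */
};

/* Lenient decoder, constructed for contrast (not NSS code): it trusts any
 * number of length octets and never checks minimality, so "84 00 00 00 00"
 * decodes as length 0. Returns 1 on success, 0 on failure. */
int lenient_decode_length(const uint8_t *buf, size_t buflen,
                          size_t *out, size_t *consumed)
{
    if (buflen == 0) return 0;
    if (buf[0] < 0x80) { *out = buf[0]; *consumed = 1; return 1; }
    size_t n = buf[0] & 0x7f;
    if (n == 0 || n > sizeof(size_t) || buflen < 1 + n) return 0;
    size_t len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | buf[1 + i];
    *out = len; *consumed = 1 + n;
    return 1;
}

/* Strict decoder: enforces DER's minimal-encoding rule and checks that the
 * declared length fits in the bytes remaining after the length octets. */
enum der_len_status der_decode_length(const uint8_t *buf, size_t buflen,
                                      size_t *out, size_t *consumed)
{
    if (buflen == 0) return DER_ERR_TRUNCATED;
    uint8_t first = buf[0];
    if (first < 0x80) {                         /* short form: 0..127 in one byte */
        if (first > buflen - 1) return DER_ERR_OVERFLOW;
        *out = first; *consumed = 1;
        return DER_OK;
    }
    size_t n = first & 0x7f;                    /* long form: n length octets follow */
    if (n == 0) return DER_ERR_INDEFINITE;
    if (n > sizeof(size_t)) return DER_ERR_TOOLONG;
    if (buflen < 1 + n) return DER_ERR_TRUNCATED;
    /* Minimal encoding: no leading zero octet, and the long form may only be
     * used for values >= 128. This rejects "81 05", "82 00 80" and every
     * multi-byte encoding of zero such as "84 00 00 00 00". */
    if (buf[1] == 0x00) return DER_ERR_NONMINIMAL;
    if (n == 1 && buf[1] < 0x80) return DER_ERR_NONMINIMAL;
    size_t len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | buf[1 + i];
    if (len > buflen - 1 - n) return DER_ERR_OVERFLOW;
    *out = len; *consumed = 1 + n;
    return DER_OK;
}

/* Convenience wrappers: the decoded length on success, the negated error
 * code (strict) or -1 (lenient) on failure. */
long der_length_or_error(const uint8_t *buf, size_t buflen)
{
    size_t len = 0, used = 0;
    enum der_len_status st = der_decode_length(buf, buflen, &len, &used);
    return st == DER_OK ? (long)len : -(long)st;
}

long lenient_length_or_error(const uint8_t *buf, size_t buflen)
{
    size_t len = 0, used = 0;
    return lenient_decode_length(buf, buflen, &len, &used) ? (long)len : -1L;
}

/* Constructed sample: a valid long-form length of 130 followed by 130 bytes. */
const uint8_t der_sample_long_form[132] = { 0x81, 0x82 };

int main(void)
{
    /* Constructed inputs: raw bytes, byte count, description. */
    static const struct { const char *bytes; size_t n; const char *what; } cases[] = {
        { "\x00",                 1, "00: short-form zero (the only valid encoding of 0)" },
        { "\x84\x00\x00\x00\x00", 5, "84 00 00 00 00: overlong encoding of 0" },
        { "\x81\x05",             2, "81 05: long form for a value below 128" },
        { "\x80",                 1, "80: indefinite length" },
        { "\x05\x01\x02",         3, "05 01 02: claims 5 bytes, only 2 present" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const uint8_t *b = (const uint8_t *)cases[i].bytes;
        printf("%-52s strict=%ld lenient=%ld\n", cases[i].what,
               der_length_or_error(b, cases[i].n),
               lenient_length_or_error(b, cases[i].n));
    }
    return 0;
}
```

Two properties matter for a verifier: every value has exactly one DER encoding (which is why the same signed structure cannot be re-encoded without breaking the signature), and a length can never point past the end of the enclosing element. The strict decoder enforces both; the lenient one enforces neither, and it is the second gap that the advisory's "data-smuggling" wording refers to.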

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The sqlite3 packages have been upgraded to version 3.8.6 as a
prerequisite for nss-3.17.x.

Additionally the rootcerts package has also been updated to the
latest version as of 2014-11-17, which adds, removes, and distrusts
several certificates.

The updated packages provide a solution for these security issues.

MDVSA-2015:058: kernel

Multiple vulnerabilities have been found and corrected in the Linux
kernel:

The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a module name in the salg_name field, a different
vulnerability than CVE-2014-9644 (CVE-2013-7421).

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host
OS users to kill arbitrary processes or cause a denial of service
(system disruption) by leveraging /dev/kvm access, as demonstrated by
PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690).

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation
in the Linux kernel through 3.18.1 allows local users to bypass the
espfix protection mechanism, and consequently makes it easier for
local users to bypass the ASLR protection mechanism, via a crafted
application that makes a set_thread_area system call and later reads
a 16-bit value (CVE-2014-8133).

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
3.18 generates incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allows remote attackers to bypass intended access restrictions
via packets with disallowed port numbers (CVE-2014-8160).

The Linux kernel through 3.17.4 does not properly restrict dropping
of supplemental group memberships in certain namespace scenarios,
which allows local users to bypass intended file permissions by
leveraging a POSIX ACL containing an entry for the group category
that is more restrictive than the entry for the other category, aka
a negative groups issue, related to kernel/groups.c, kernel/uid16.c,
and kernel/user_namespace.c (CVE-2014-8989).

The __switch_to function in arch/x86/kernel/process_64.c in the Linux
kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which makes
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address (CVE-2014-9419).

The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image
(CVE-2014-9420).

The batadv_frag_merge_packets function in
net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in
the Linux kernel through 3.18.1 uses an incorrect length field during
a calculation of an amount of memory, which allows remote attackers
to cause a denial of service (mesh-node system crash) via fragmented
packets (CVE-2014-9428).

Race condition in the key_gc_unused_keys function in security/keys/gc.c
in the Linux kernel through 3.18.2 allows local users to cause a denial
of service (memory corruption or panic) or possibly have unspecified
other impact via keyctl commands that trigger access to a key structure
member during garbage collection of a key (CVE-2014-9529).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in
the Linux kernel before 3.18.2 does not validate a length value in
the Extensions Reference (ER) System Use Field, which allows local
users to obtain sensitive information from kernel memory via a crafted
iso9660 image (CVE-2014-9584).

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel
through 3.18.2 does not properly choose memory locations for the
vDSO area, which makes it easier for local users to bypass the ASLR
protection mechanism by guessing a location at the end of a PMD
(CVE-2014-9585).

The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a parenthesized module template expression in
the salg_name field, as demonstrated by the vfat(aes) expression,
a different vulnerability than CVE-2013-7421 (CVE-2014-9644).

Off-by-one error in the ecryptfs_decode_from_filename function in
fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel
before 3.18.2 allows local users to cause a denial of service (buffer
overflow and system crash) or possibly gain privileges via a crafted
filename (CVE-2014-9683).

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel
before 3.18.5, when the guest OS lacks SYSENTER MSR initialization,
allows guest OS users to gain guest OS privileges or cause a denial
of service (guest OS crash) by triggering use of a 16-bit code segment
for emulation of a SYSENTER instruction (CVE-2015-0239).

The updated packages provide a solution for these security issues.

CVE-2015-1782 (libssh2)

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

CVE-2015-2091 (mod-gnutls)

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when “GnuTLSClientVerify require” is set, which allows remote attackers to spoof clients via a crafted certificate.

Regin: Is Government Malware Stoppable After All?

What is Regin?

According to Virus Bulletin, we are looking at a multi-staged threat (like Stuxnet) that uses a modular approach (like Flame), a combination that makes it one of the most advanced threats ever detected. Research shows that Regin has been used in espionage campaigns for the last 6 years. This sophisticated backdoor Trojan affects Microsoft Windows NT, 2000, XP, Vista, and 7 and it is able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization.

Regin mainly affects companies, research institutes, governmental organizations, and individuals who have access to networks of special interest. This is why Avira has worked together with the German Federal Office for Information Security (BSI) to add new Regin detection routines to the widely implemented and proven tool Avira PC Cleaner.

How can the Avira PC Cleaner help me?

The tool can now detect the identifiable elements of Regin and remove them from the infected system. “PC Cleaner came about as a result of the German anti-botnet “botfrei.de” initiative which is backed by the BSI. The software was also further developed with the support and know-how of the BSI. Users now have an easy-to-use tool available to them which can track down Regin malware”, explains Dr. Dirk Häger, head of operational network defense at the BSI. If PC Cleaner detects Regin, the affected system can be cleansed and the relevant files quarantined. Even after a successful system cleanup, it is worthwhile running further scans to make absolutely sure that Regin has not infiltrated other areas of the network. This also makes PC Cleaner an early warning tool. If Regin is detected, affected organizations should definitely think about taking further steps to protect their IT infrastructure.

The really unique feature about Avira PC Cleaner is that it doesn’t need to be installed. This means there are no conflicts with other vendors’ antivirus solutions installed on the computer. As such, PC Cleaner gives users the chance to get a second opinion. This is why it is also called a 2nd opinion scanner, although it isn’t a replacement for a fully-fledged antivirus solution. As a result, PC Cleaner is ideal for detecting Regin and for checking the computer for any other malicious software. It is based on the proven malware detection capabilities of Avira antivirus solutions of which there are millions of installs.

The post Regin: Is Government Malware Stoppable After All? appeared first on Avira Blog.