Monthly Archives: April 2015

AVG

Humans the weak link in alleged White House hack

Earlier this week, it emerged that Russian hackers have successfully managed to infiltrate the computer systems at the White House.

Given the highly sensitive nature of information held within any government’s systems, we have to assume that the breach is significant. Although full details of the breach have not yet been made public (and maybe never will) some news sources indicate that President Obama’s schedule was among the information accessed.

It’s hard to see America taking this intrusion lightly, given the history between the countries and I expect to see them double down on security in the coming weeks.

Some are asking questions of the US government’s security policies and rightly so. Although protecting such a vast network of computer systems is a very complex operation. I was not surprised to learn that the attackers gained access to the system via a form of “spear phishing” attack targeting the end user.

Governments, just like any organization, are only as secure as their weakest link. Sadly, when it comes to security the weakest link is always a human. We as people are susceptible to social engineering and as such can unknowingly undermine even the most sophisticated of security technologies.
All hackers need to know is who to target and how – and then they can start to build out a profile of their victim and work out how to target them. It can take a long time but it’s often worth the wait, especially in an attack like this.

It will be interesting to see how this plays out in the coming months.

CentOS

CESA-2015:0797 Moderate CentOS 6 xorg-x11-serverSecurity Update

CentOS Errata and Security Advisory 2015:0797 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0797.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
c2fd4679818c94231b37771a2ee0f4934ed070b89d5e4cccaf061627ac712f52  xorg-x11-server-common-1.15.0-26.el6.centos.i686.rpm
b47ae8c0ed614fbe01cf2d7d3b5ccc54eee465e34f6316a8d0b0142f701e9501  xorg-x11-server-devel-1.15.0-26.el6.centos.i686.rpm
c3591b182de865ec66facea69145311d38083e81c2a9f701ea4ed1284214413e  xorg-x11-server-source-1.15.0-26.el6.centos.noarch.rpm
2e8321a404f3397662ba2dcd1b5aef5de45e302c7f60da2af3e62385d86bd142  xorg-x11-server-Xdmx-1.15.0-26.el6.centos.i686.rpm
eb6964cba356c52b81e01b5a633c292266e700fb1fcd2b146863110acabb3344  xorg-x11-server-Xephyr-1.15.0-26.el6.centos.i686.rpm
d244b7185569dc8078efe621188dd9922b21de0e343e11b2c41bb9b953a0a589  xorg-x11-server-Xnest-1.15.0-26.el6.centos.i686.rpm
79a99f949e1848d2afab9ee797368397b93a908c38dd23eeaf73babd62365c65  xorg-x11-server-Xorg-1.15.0-26.el6.centos.i686.rpm
30dc530053ebfafd464a1d9d9a5c4322a34c4377adeffdd0086dae950a8ce814  xorg-x11-server-Xvfb-1.15.0-26.el6.centos.i686.rpm

x86_64:
1236a25955331cd9762244a2dfac96ef0658e00beb85c2c7532b72b92a5e81e4  xorg-x11-server-common-1.15.0-26.el6.centos.x86_64.rpm
b47ae8c0ed614fbe01cf2d7d3b5ccc54eee465e34f6316a8d0b0142f701e9501  xorg-x11-server-devel-1.15.0-26.el6.centos.i686.rpm
02fc07149157759d17203e9f203eaf929905a0e8a810486500ed22540e6a62bc  xorg-x11-server-devel-1.15.0-26.el6.centos.x86_64.rpm
c3591b182de865ec66facea69145311d38083e81c2a9f701ea4ed1284214413e  xorg-x11-server-source-1.15.0-26.el6.centos.noarch.rpm
b7ca5c833135233e8df38af88f2b212fad3e3002088b48789d1891e01a340c48  xorg-x11-server-Xdmx-1.15.0-26.el6.centos.x86_64.rpm
5cd56c84ada8cb3f58f837edc6615ea2545fc60e109ca6f57cefe6c27c614556  xorg-x11-server-Xephyr-1.15.0-26.el6.centos.x86_64.rpm
1ae60c28a1476b170e7a0a0d9a2ad12640f343b17d75914e52b17225d81f9daa  xorg-x11-server-Xnest-1.15.0-26.el6.centos.x86_64.rpm
7adb23f22866f0963ad5953052027003ffc7eacee5e4eb1a824c6f6f3ce76ab8  xorg-x11-server-Xorg-1.15.0-26.el6.centos.x86_64.rpm
3efe9af13098a103f6d7f92348c212ff34719bcba7da3d95d8c8a8abc64d685e  xorg-x11-server-Xvfb-1.15.0-26.el6.centos.x86_64.rpm

Source:
c60a3823b27528024933d542a395743fd1b45e293eaa463bb4e41bb3b62914a3  xorg-x11-server-1.15.0-26.el6.centos.src.rpm
CentOS

CESA-2015:0797 Moderate CentOS 7 xorg-x11-serverSecurity Update

CentOS Errata and Security Advisory 2015:0797 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0797.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
9a513894b013da425a310f70ef2cd51366c0589bc373064244ad377af3dd5a4c  xorg-x11-server-common-1.15.0-33.el7_1.x86_64.rpm
2c70206944b33221b458d73a433d09e03a245b7588b6336d174e03b415ae2b31  xorg-x11-server-devel-1.15.0-33.el7_1.i686.rpm
5d95103ad40a8d267155635b5caa711fc0c5babdd4afd8d4c71f9060c5e0c7ae  xorg-x11-server-devel-1.15.0-33.el7_1.x86_64.rpm
da352e8d7e9233902b8cbf23e110490a150badff8769b7ead55d85ca9750b723  xorg-x11-server-source-1.15.0-33.el7_1.noarch.rpm
3d7df2d9538974e18ebc15544478264566639636fcfe83a5d74226ad47f087b2  xorg-x11-server-Xdmx-1.15.0-33.el7_1.x86_64.rpm
457439475e9c9b3d1404f9c7871d8e9ba6f39bc6f59ac7116af49f117085d222  xorg-x11-server-Xephyr-1.15.0-33.el7_1.x86_64.rpm
36e1cceadcd4ee2c8aa653203e53011a273e2db634611e59a09df9eb0238a7a3  xorg-x11-server-Xnest-1.15.0-33.el7_1.x86_64.rpm
0950a666527abf801af14afd1347ffd04d13e94d8da82e58e8b6621b4044b737  xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm
a0db62e25ad3c9bee5fad4b5272d4a68610f511bfb09e03a92a656cf30c26898  xorg-x11-server-Xvfb-1.15.0-33.el7_1.x86_64.rpm

Source:
b8107d5baa5ccea33bc4c837b8dacd889dc79d9d2ab91a1610a4d449a712d293  xorg-x11-server-1.15.0-33.el7_1.src.rpm
Full Disclosure

SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)

Posted by SEC Consult Vulnerability Lab on Apr 10

SEC Consult Vulnerability Lab Security Advisory < 20150410-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: Multiple TP-LINK products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: see Solution
CVE number: CVE-2015-3035
impact: Critical…