Wise up and get smarter with your data

Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem obvious, but given the amount of data we regularly share online, it is not uncommon for our information to be wrongfully passed on to others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.


Ever had someone approach you online saying they are a foreign prince and asking for your personal information? Watch…

Posted by Facebook Security on Monday, May 18, 2015

In order to keep your personal data secure, make sure to practice the following:

  • Shred all personal documents before throwing them away. This is especially important when dealing with bank statements and bills.
  • Be mindful of what you post on social media and other online forums.
  • Choose your passwords carefully. Keep them diverse and don’t use the same password for each of your accounts.
  • Use security software on all of your devices and make sure that it’s up to date.

How to spot a hacker before it’s too late? As the video’s narrator warns, “Beware of anyone requesting your personal data or money, whether over the phone, via email or online. They may pretend to be a romantic interest, a family member in trouble, or even a foreign prince – odds are, they’re not.”

 

ErsatzPassword Gives Fake Passwords to Hackers

The system, called ErsatzPasswords (German for “replacement passwords”), should make it much harder for hackers to crack passwords. That could come in especially handy after data breaches, where cybercriminals gain access to large numbers of hashed passwords from the leaks.

Since passwords are normally stored as hashes (storing a plain-text password would be a huge security risk!), hackers need to recover them somehow. A common approach is the brute-force attack, where one repeatedly guesses the password and checks each guess against the available cryptographic hash. Ordinary desktop computers can test over a hundred million passwords per second using password cracking tools like John the Ripper. And that’s where ErsatzPassword comes into play:

“[…] when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatz passwords — the “fake passwords”. When an attempt to login using these ersatz passwords is detected an alarm will be triggered in the system that someone attempted to crack the password file”, says Mohammed H. Almeshekah, one of the authors of the paper. “Even with an adversary who knows the scheme, cracking cannot be launched without physical access to the authentication server.”

Sounds pretty cool and secure, right? If you want to find out more about the idea behind ErsatzPassword, take a look at the research paper or the code directly.
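The behaviour described in the quote can be reproduced with a small sketch. This is an example added here, not the ErsatzPasswords code and not necessarily the paper's exact construction: an HMAC under a server-only key (`SERVER_KEY`, constructed) stands in for the step that needs the authentication server, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: stands in for the hardware-bound secret that never leaves
# the authentication server. Constructed for this example.
SERVER_KEY = secrets.token_bytes(32)
WIDTH = 32  # passwords are zero-padded/truncated to the HMAC-SHA256 output size

def _pad(password: str) -> bytes:
    return password.encode().ljust(WIDTH, b"\0")[:WIDTH]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _hdf(password: str) -> bytes:
    """Server-only keyed function; the password file alone is not enough to run it."""
    return hmac.new(SERVER_KEY, password.encode(), hashlib.sha256).digest()

def _file_hash(padded: bytes, salt: bytes) -> bytes:
    """The ordinary public hash that a cracking tool applies to the leaked file."""
    return hashlib.pbkdf2_hmac("sha256", padded, salt, 1_000)

def enroll(real: str, ersatz: str) -> tuple[bytes, bytes]:
    """Return the (salt, hash) record written to the password file."""
    salt = _xor(_hdf(real), _pad(ersatz))  # the salt field ties real to ersatz
    return salt, _file_hash(_pad(ersatz), salt)

def check_login(record: tuple[bytes, bytes], attempt: str) -> str:
    salt, stored = record
    candidate = _xor(_hdf(attempt), salt)  # padded ersatz only if attempt is real
    if hmac.compare_digest(_file_hash(candidate, salt), stored):
        return "ok"
    if hmac.compare_digest(_file_hash(_pad(attempt), salt), stored):
        return "alarm"  # an ersatz password was typed: the file has been cracked
    return "fail"

def offline_crack(record: tuple[bytes, bytes], wordlist: list[str]) -> list[str]:
    """What a dictionary run over the stolen record finds without SERVER_KEY."""
    salt, stored = record
    return [w for w in wordlist if _file_hash(_pad(w), salt) == stored]
```

Even when the real password is in the wordlist, `offline_crack` returns only the ersatz one, and submitting that value to `check_login` yields `"alarm"` rather than a session.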

The post ErsatzPassword Gives Fake Passwords to Hackers appeared first on Avira Blog.

SEC Consult SA-20150519-0 :: Critical buffer overflow vulnerability in KCodes NetUSB (VU#177092, CVE-2015-3036)

Posted by SEC Consult Vulnerability Lab on May 19

SEC Consult Vulnerability Lab Security Advisory < 20150519-0 >
=======================================================================
title: Kernel Stack Buffer Overflow
product: KCodes NetUSB
vulnerable version: see Vulnerable / tested versions
fixed version: see Solution
CVE number: CVE-2015-3036, VU#177092
impact: Critical
homepage: http://www.kcodes.com/

Debian Security Advisory 3175-2

Debian Linux Security Advisory 3175-2 – It was discovered that by sending crafted Router Advertisement packets, an attacker on the local network could lower the Current Hop Limit and cause the system to lose the ability to communicate with another IPv6 node on a different network.

Address-Spoofing Bug Haunts Android Stock Browser

There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem […]

Try our Beta and win 200€ on Amazon!


Today we are launching our Panda Security 2016 range beta!

And we would like to ask you for your help! We would love it if you could use it, have a look around and give us some feedback. We would appreciate your ideas, comments, and suggestions on what you liked best and, especially, what could be improved.

You will have a chance to win a 200€ Amazon Gift Card! Among the most useful comments we will give away not one, but 9 gift cards!

How to enter this giveaway? Through our channels in Facebook, Twitter (using the hashtag #PandaBeta), Google+ or by leaving a comment on this article.

Panda Security 2016 Beta Contest

What do you have to do? Download our beta and give us your opinion.

Dates: from May 19 to June 9.

How? Through our official channels.


The post Try our Beta and win 200€ on Amazon! appeared first on MediaCenter Panda Security.

Breakpoint 2015 Call For Papers

The Breakpoint 2015 Call For Papers has been announced. The conference will take place at the Intercontinental Rialto in Melbourne, Australia, October 22nd through the 23rd, 2015. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters to security researchers and industry professionals alike, with a focus on cutting-edge security research.

CEBA-2015:1016 CentOS 6 bind BugFix Update

CentOS Errata and Bugfix Advisory 2015:1016 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1016.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
