Debian Linux Security Advisory 3252-2 – Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or possibly have unspecified other impact.
Monthly Archives: June 2015
Debian Security Advisory 3285-1
Debian Linux Security Advisory 3285-1 – Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Debian Security Advisory 3286-1
Debian Linux Security Advisory 3286-1 – Multiple security issues have been found in the Xen virtualisation solution.
Debian Security Advisory 3287-1
Debian Linux Security Advisory 3287-1 – Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
Debian Security Advisory 3288-1
Debian Linux Security Advisory 3288-1 – Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
Duqu 2.0 Attackers Used Stolen Foxconn Certificate, Signed Driver
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered […]
Emojis: We Want To Be Your New PIN
Intelligent Environments solution to your run of the mill 4 digit PIN is not some pill you swallow or “secrets” you and your smartphone share. Their idea involves lots of little pictures so called emojis, that will replace your accounts’ PIN. The emojis are the evolved smilies that sometimes really remind you of the god old Windows cliparts. You normally use them when chatting on WhatsApp (or any other app really) with your friends and family.
Now you might ask yourself the same thing I did: Why would I ever replace my trusty old PIN? The answer to that question is pretty simple. A normal PIN which you would use in order to secure your account, most of the time only uses four digits from 0 to 9. This means that a traditional PIN has 7290 unique permutations of four non-repeating numbers. An emoji Passcode that relies on a base of 44 emojis would sport 3,498,308 million unique permutations of non-repeating cute little images.
According to Intelligent Environments there are other advantages as well apart from being mathematically more: “This new emoji security technology is also easier to remember as research shows humans remember pictures better than words.” And memory expert Tony Buzan adds: “The Emoji Passcode plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history. We remember more information when it’s in pictorial form, that’s why the Emoji Passcode is better than traditional PINs.”
Well – I’ve had no issues so far when it comes to my four digit pin but I would certainly not mind using emojis at all!
The post Emojis: We Want To Be Your New PIN appeared first on Avira Blog.
Uber site flaw allows hacker to display rival ad
A flaw in taxi cab network Uber’s site allowed a security researcher to manipulate the firms home page and display a rival advert, it has been claimed.
The post Uber site flaw allows hacker to display rival ad appeared first on We Live Security.
CVE-2015-4344
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
CVE-2015-4345
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.