Ubuntu Security Notice 2908-3 – halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
Monthly Archives: February 2016
Ubuntu Security Notice USN-2908-2
Ubuntu Security Notice 2908-2 – halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
Ubuntu Security Notice USN-2910-1
Ubuntu Security Notice 2910-1 – halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
Ubuntu Security Notice USN-2909-1
Ubuntu Security Notice 2909-1 – halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
Ubuntu Security Notice USN-2911-2
Ubuntu Security Notice 2911-2 – It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).
Ubuntu Security Notice USN-2906-1
Ubuntu Security Notice 2906-1 – Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Gustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Breathing fresh air into the Internet of Things, to keep you alive
Here at AVG we have an innovation team (AVG Innovation Labs) that looks at future security risks and how technology can be deployed to manage them.
And when it comes to new IoT devices, special consideration is needed to ensure data is kept personal and private. AVG Innovation Labs undertakes research to allow us to understand how best to provide these services going forward.
The AVG team have been innovating their own IoT devices and applications to get a first-hand experience of the challenges that vendors go through when creating a device for the home.
One of those projects has been looking at air quality and how it can be an issue for many people, whether they suffer from allergies or maybe asthma. Breathing clean and acceptable air can improve our day-to-day experience, and by extension our personal security.
The device starts with measuring the Air Quality Index (AQI), which provides an overall rating of air quality. This is obtained by analyzing multiple sensor readings such as relative humidity, temperature, carbon monoxide, ammonia, and many more.
In conjunction with our vision of the future for AVG Zen and Family Graph, we’re demonstrating the importance of location as an impact on the safety of everyday family life.
Now imagine a scenario where we combine some of that future AVG Zen functionality with Air Quality monitoring and other connected devices in the home.
Through location sharing our devices know if we are home, travelling, or even en route from work or school. As we start our travel toward home, our smart connected device that we all carry could automatically connect with the home network to inspect the status of air quality and temperature remotely.
With that information at hand, and making decisions based on our preferences, the technology could automatically open vents or start de-humidification or air-conditioning units to change the air quality, or switch on the heating so that we have a warm house to welcome us home.
The potential for technology to improve our everyday lives and ensure that our environment is the best it could be is remarkable. There is also the life-saving benefit of avoiding toxic conditions caused when a gas-powered heating system malfunctions, for example.
When IoT devices bring real value such as this, it’s important that they are not interfered with by hackers, and that the data analyzed remains private and secure. Imagine getting home to find the air quality has been made worse not better, or that the house is too cold or even too hot and you have a large energy bill coming your way.
Through innovation like this, AVG is able to understand the complex challenges of securing devices and services that will one day provide us all with truly connected homes and lives.
DSA-3490 websvn – security update
Jakub Palaczynski discovered that websvn, a web viewer for Subversion
repositories, does not correctly sanitize user-supplied input, which
allows a remote user to run reflected cross-site scripting attacks.
DSA-3489 lighttpd – security update
lighttpd, a small webserver, is vulnerable to the POODLE attack via
the use of SSLv3. This protocol is now disabled by default.
Vuln: Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability