HP Security Bulletin HPSBMU03377 2 – A potential security vulnerability has been identified with HP Release Control running RC4. A vulnerability in SSL/TLS RC4 stream cipher known as Bar Mitzvah was addressed by HPE Release Control. The vulnerability could be exploited to allow remote disclosure of information. Revision 2 of this advisory.
Monthly Archives: March 2016
HP Security Bulletin HPSBGN03373 2
HP Security Bulletin HPSBGN03373 2 – A potential security vulnerability has been identified with HP Release Control running TLS. A vulnerability in TLS using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam was addressed by HPE Release Control. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
Red Hat Security Advisory 2016-0455-01
Red Hat Security Advisory 2016-0455-01 – The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version 3.2. Ruby on Rails is a model-view-controller framework for web application development. Multiple directory traversal flaws were found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the ‘render’ method, a remote, unauthenticated attacker could use these flaws to render unexpected files and, possibly, execute arbitrary code. Various other issues were also addressed.
Think your cell phone is tapped? Don’t panic!

At the end of last year, the US government put an end to the secret surveillance program carried out by the National Security Agency (NSA). Not bad. Apparently, citizens have one less reason to worry about the privacy of their phone calls. However, the suspicion that someone else is listening to your conversations does not stem only from the existence of organizations like that.
Experts have warned us that certain types of spyware can be used to remotely open a smartphone’s microphone and listen to the nearby sounds to find its location. If that weren’t enough, researchers from different universities have developed programs to record conversations in the same surreptitious manner.
Additionally, some Internet users claim that Google and Facebook have shown them ads and search results related to information they have only communicated over the phone. They are convinced that these companies are eavesdropping on their telephone calls and using the information they obtain to customize ads for them.

In light of these events, the first question that comes to our mind is this: Can an app be used to open a device’s microphone without you realizing?
Security experts have demonstrated that yes, it’s possible and not too complicated. To develop an Android spy app, you simply have to take advantage of the Android capabilities to assign permissions to the app to use the microphone, and program a server that collects the information.
While it is not confirmed whether or not apps are available today that use those techniques to spy on users, the advisable thing to do is always check the origin of the apps you download to your phone, just in case.
The second question has to do with big companies: Do they actually use the recordings they get of background noises and user conversations?
Google affirms that it doesn’t use the information it collects when users say ‘OK Google’ (and enable the voice recognition feature) to display personalized ads. It also denies sharing the information it obtains with other companies for them to deliver personalized advertisements.
Additionally, the Mountain View company states in its developer policies that its apps cannot collect user data without authorization, something that would happen if users’ conversations were monitored.
Facebook also explains that it doesn’t allow companies or advertisers to design personalized advertising from the information obtained through users’ microphones, indicating that the ads it displays are exclusively based on the activities performed by users on the social network.
A mathematician from Imperial College London, author of the book ‘The Improbability Principle’, claimed on the BBC that human beings are designed by evolution to always look for an explanation, even when there isn’t one. That’s why we are always establishing connections between events. Therefore, the coincidences that exist among the people who share their fears in Internet forums could be just that, coincidences. In principle, and leaving conspiracy theories aside, there should be nothing to worry about.
The post Think your cell phone is tapped? Don’t panic! appeared first on MediaCenter Panda Security.
Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds
Card skimmers have been around for years, but the video posted below is a perfect example of the evolution of the technology used by thieves.
The video released by Miami Beach Police shows two men working as a team to install a credit card skimmer on top of a card terminal at a local gas station in LESS THAN 3 SECONDS.
Yes, in just less than 3 seconds hackers can turn a regular
Red Hat Security Advisory 2016-0457-01
Red Hat Security Advisory 2016-0457-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. Multiple flaws were found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
Red Hat Security Advisory 2016-0456-01
Red Hat Security Advisory 2016-0456-01 – The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the ‘render’ method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code. Various other issues were also addressed.
HP Security Bulletin HPSBGN03556 1
HP Security Bulletin HPSBGN03556 1 – Potential security vulnerabilities have been identified with ArcSight ESM and ESM Express. The vulnerabilities could be exploited remotely to trick an unsuspecting user into downloading arbitrary files, or running arbitrary commands on the local system. Revision 1 of this advisory.
Red Hat Security Advisory 2016-0454-01
Red Hat Security Advisory 2016-0454-01 – The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a model-view-controller framework for web application development. Multiple directory traversal flaws were found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the ‘render’ method, a remote, unauthenticated attacker could use these flaws to render unexpected files and, possibly, execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2016-0450-01
Red Hat Security Advisory 2016-0450-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel’s Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.
