All posts by 007admin

Fedora

dovecot-2.2.29.1-1.fc24

+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always
synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status : “Initial config” was always empty
– imapc: Various reconnection fixes.

Fedora

dovecot-2.2.29.1-1.fc26

+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always
synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status : “Initial config” was always empty
– imapc: Various reconnection fixes.

Panda Security

Who’s Behind the Yahoo Attack? It might be Russian Agents

We’re all familiar with the massive data leaks that Yahoo suffered last year. But until recently, we had very little in the way of clues as to who was behind the attacks which started at the beginning of 2014. As more evidence comes to light, it’s becoming increasingly apparent that this is not your run-of-the-mill cybercrime. According to a recent indictment by the US Department of Justice, the folks behind that attack appear to be agents of the Russian Federal Security Service.

The theft of 500 million Yahoo accounts three years ago was allegedly used as a way for the Russian government to access information on a series of targets ranging from the White House itself to cloud computing companies. Military officials, executives of financial companies, and even an airline company were also among the targeted.

In the name of espionage, this attack gave hackers the means of stealing data such as names, email addresses, and credentials. According to information provided by Yahoo in their announcement of the breach, the culprits would not have been able to access data of a more confidential nature, such as sensitive financial information.

In a somewhat ironic turn of events, the information provided by the Justice Department indictment appears to indicate that the stolen data was also used to spy on Russian government officials.

The Yahoo Attack: A Breach to Go Down in History

While this would not be the first time that Russian cybercriminals have been accused of data theft, it is in fact the first time that charges have been filed against officials operating in the shadow of Vladimir Putin. Although the agency is supposed to help agencies of other countries track down Russian cybercriminals, in this case two of its own operatives allegedly collaborated to conceal the robbery from their superiors.

“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said acting assistant US Attorney General Mary B. McCord.

Although the Russian administration has not given an official response to the US indictment, the country’s press has called into question the US Department of Justice’s movement.

In any case, and regardless of who is responsible for these or other breaches, massive data leaks at services such as Yahoo highlight the need to use secure credentials and a protection that is suited to the needs of your company to prevent the theft of confidential information, or even considerable sums of money, in the event of a cyberattack.

The post Who’s Behind the Yahoo Attack? It might be Russian Agents appeared first on Panda Security Mediacenter.

Avira

Thimbleweed Park: Review

Classical point-and-click adventure are out. They are the dinosaurs of gaming and no one ever plays them anymore, right? Well … kind of. Point-and click-adventures had their 5 minutes of fame some 30 years ago, when classics like Monkey Island, Zack McCracken, and Kings Quest entertained a whole generation of gamers. Since then adventure games […]

The post Thimbleweed Park: Review appeared first on Avira Blog.