Debian Security Advisory 3098-1

Debian Linux Security Advisory 3098-1 – Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.

Ubuntu Security Notice USN-2439-1

Ubuntu Security Notice 2439-1 – Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus VGA device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. Various other issues were also addressed.

Red Hat Security Advisory 2014-1982-01

Red Hat Security Advisory 2014-1982-01 – X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

Red Hat Security Advisory 2014-1983-01

Red Hat Security Advisory 2014-1983-01 – X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

Ubuntu Security Notice USN-2440-1

Ubuntu Security Notice 2440-1 – Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.

Facebook’s new privacy policies and your data security

Facebook privacy policy for 2015

Facebook doesn’t want you to be in the dark about their new privacy policies.

2015 is arriving and, as usual, tech companies start to launch their updates for the new year. However, it looks like someone is sparking some debate with its recent policies that are to be implemented in less than a month. That someone is… Facebook.

After all the controversy around the Facebook Messenger app last summer, the world’s largest social media company is under fire, again!

Recently, Facebook published their new terms, data policies, and cookies policies that the network will launch on January 1st. Basically, the update says that every user of Facebook’s services agrees, among other changes, to the use of tools that can help to aggregate data in order to create more customized ads. The company also introduces ways to guarantee basic data security.

I’ve noticed that the way I’ve received the ads in my profile is quite different to what it used to be. After simply browsing through a website related to a specific theme, let’s say, football or software, I immediately start to receive wall post offers related to that topic, company, or product that I researched online. Imagine how it’s going to be in 2015 after the new policy has been officially launched?

Is Facebook spying on you?

Would the world’s largest social media website be spying on us? They have admitted publicly that it’s quite easy to monitor online activities, and they do hold a lot of data on their members, which makes people feel a bit uncomfortable. Just search for articles about it, and you’ll see.

Facebook’s goal with this new privacy policy is to help users “understand how Facebook works and how to control your information.” This introduces an element of decision-making on the user’s behalf.

Some of the updates you can expect to see are:

Discover what’s going on around you: Facebook is working on ways to show you the most relevant information based on where you are and what your friends are up to.

Make purchases more convenient: People in some regions will see a Buy button, making purchasing easy because you don’t have to leave Facebook. And you get targeted ads based on what you are interested in, like me seeing an increased number of football and software ads.

Make you part of the Facebook ecosystem: You will be even more invested in the “Facebook family” because they are making Instagram, WhatsApp, and the growing number of companies, apps and services that Facebook is acquiring work together more seamlessly.

Your data is still under your control

You should be concerned about the contents and data that you publish on Facebook, because sometimes they make you look like an idiot, but don’t go off the deep end thinking that your social network will steal your privacy! You are still in control of your data!

To help you maintain control, Facebook wants you to understand how they use your information and find information about privacy on Facebook at the moment you need it. Tips and suggestions can be found in Privacy Basics.

It’s also necessary for you to take some precautions, such as:

  • Use strong passwords to access your profiles and accounts
  • Don’t share sensitive information in social media channels
  • Be doubly cautious of fake websites
  • Only proceed with online payments when you are on HTTPS pages

And, obviously, use a good antivirus that will help you with all the above procedures! No matter what tools online companies and social media websites are using to better understand your behavior in the “Internet of Things”, you are still in control of your data. Do your part and live a healthy virtual life!