seafile-server version 3.1.5 suffers from a denial of service vulnerability.
All posts by 007admin
Kaspersky Lab Survey: Healthcare and Financial Services Sectors Struggle with Virtualization Security Concerns
Is it time you used two-factor authentication?
Two-factor authentication is an additional security measure that you can add to your online accounts to help keep them safe from attack and fraud.
“Two-factor†simply means that you need something other than your password in order to access your account. This normally comes in the form of a code generated by an app or sent to you in a text or email. Two-factor-authentication means that should your password be compromised, your accounts are still protected.
You may be familiar with two-factor authentication for online banking, where it has been used for a long time to validate logins and safely setting up transactions. Given its security benefits, many of the leading websites and services have enabled two-factor authentication for users. Google, for example, implemented the extra layer of security in early 2011, but many users still don’t realize that it is available.
While logging into accounts with two-factor authentication does require a little extra effort on behalf of the user, the extra layer of security does make it well worth-while.
How to Setup Two-Factor Authentication
In this example I will be setting up two-factor authentication on a Google account but similar instructions can be found for most popular sites such as Amazon, Dropbox and Facebook.
Before setting up two-factor authentication you need to make sure you have two things available. The first is a secure password, something you should already be using, on whichever services you use (Although you should have different password for each service for greater security). The second would be a device or application that can receive a code, most commonly a smartphone.
- Go to: www.google.com/settings/security
- Click “Set Up†under 2-step verification menu
- Chose how you would to receive your codes: SMS or codes
- Download Google’s Authenticator app for Android or iOS.
- Link your Authenticator app or device to your Google account using the code provided
Once you are setup for two-factor authentication it’s ready to go in the wild. The next time a new device or browser tries to access your account they will need your username and password like before, but then you will need to enter in an access code pin that is either texted to you or synced to the authenticator app. Once the username, password, and pin number are all entered correctly you are logged in.
Two-factor authentication is one of the settings we believe strongly in to help mitigate password hacking because even if somebody does know your password they still can’t get into your account. It is important to remember however there are other methods to get access to your information so just using this helps secure your password login, but won’t guarantee all information is secure. This is a great step forward to better security and privacy of your data and we highly recommend all users activate two-factor authentication wherever they can.
MIUI Torch Enable
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
MIUI Wifi Connection Message Wireless Enable
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable wifi.
Android Bluetooth Enable
A logic flaw in some versions of Android can allow for bluetooth to be automatically enabled via NFC.
Project Kakilles 0.3
Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
GTA V hacks warning as gamers ‘lose millions’ in online games
Gamers have reported losing millions of dollars to hackers running customized software which allows them to steal weapons, loot money, and even make people blow up in their own apartments, according to prominent Grand Theft Auto V YouTube reporter DomIsLive, who devoted an issue of his daily show to GTA V hacks this month.
Yahoo News reports that multiple players have been affected by glitches in online games, described variously as “unfairly moddedâ€, ie using in-game tools, or simply as “hackedâ€.
DomIsLive, who has nearly half a million subscribers on YouTube, says that several of his subscribers reported losing “millions†in online games which had seemingly been hacked.
On Rockstar’s forums, various gamers complain about having lost large sums of in-game currency to similar GTA V hacks. DomIsLive claims to have seen multiple threads on the forums relating to the same or similar hacks.
GTA V hacks: Losing millions?
ESET Distinguished Researcher Aryeh Goretsky looks in detail at the blurred lines between cheating and crime in an extended blog post on We Live Security, saying, “Computer gaming is a huge and a wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible†or, to put it more succinctly, criminals who abuse the ecosystem.â€
It appears GTA V’s online game system is not exempt.
In one screenshot posted on DomisLive’s channel, a gamer complains, “Dear Rockstar, I have just been robbed of my weapons by an unfair modder. He stole my weapons, causing me to pay around 1,000,000 and I earned it fair and square, and I wondered if I could get my money back because I’m extremely frustrated.â€
‘Rockstar may not reimburse money’
A Rockstar games representative replies, saying that the team will investigate, but warning that, “Rockstar will definitely look into this, however they may not be able to reimburse you with weapons and/or GTA dollars.â€
It’s unclear whether one specific GTA V hack is responsible, or a multitude of methods. DomisLive advises his subscribers, “Losing their money in public sessions, I advise you to stay out of public sessions and stick to private sessions with this friend. If you see something strange happening, and if you see someone dropping their money, leave that lobby now.â€
Responses from his subscribers seem to indicate that the problem is worse on Xbox 360 than on PlayStation 3. One poster says, “On Xbox it seems like every 20 sessions you join, you find one [a hacker]. On the PS3 I haven’t found that many, and from what people have told me, it’s because there aren’t that many.â€
The post GTA V hacks warning as gamers ‘lose millions’ in online games appeared first on We Live Security.
MS14-053 – Important: Vulnerability in .NET Framework Could Allow Denial of Service (2990931) – Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (September 17, 2014): V1.1 (September 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow denial of service if an attacker sends a small number of specially crafted requests to an affected .NET-enabled website. By default, ASP.NET is not installed when Microsoft .NET Framework is installed on any supported edition of Microsoft Windows. To be affected by the vulnerability, customers must manually install and enable ASP.NET by registering it with IIS.
DSA-3027 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15