LIVE HACKING

PHP 5.3.10 Fixes Critical Security Vulnerability

Ethical Hacker — Fri, 03 Feb 2012 11:24:46 +0000

(LiveHacking.Com) – The PHP development team have released PHP 5.3.10 to fix a recently discovered remote code execution vulnerability. The vulnerability is a result of the hash table collisions CPU usage denial-of-service fix which was added to 5.3.9. For that fix the maximum possible number of input parameters was limited to 1000, but because of a bug [...]

Mozilla Releases Firefox 10 and Firefox 3.6.26 to Address Multiple Vulnerabilities

Ethical Hacker — Thu, 02 Feb 2012 07:31:05 +0000

(LiveHacking.Com) – The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple security vulnerabilities. These vulnerabilities, if exploited, could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack. Firefox 10 fixes 8 security issues of which 5 are rated as “Critical”. [...]

Symantec Releases pcAnywhere Patch and Declares it Safe to Use

Ethical Hacker — Wed, 01 Feb 2012 08:01:39 +0000

(LiveHacking.Com) – Symantec has released a patch that, according to them, eliminates all known vulnerabilities affecting customers using pcAnywhere 12.0 and pcAnywhere 12.1. This is the latest step (but not the last) in an on going saga about source code stolen from Symantec in 2006. Only last week updated Symantec its “Claims by Anonymous about Symantec [...]

Millions of WordPress Sites Exposing Potentially Private Photos Due to Misconfiguration

Ethical Hacker — Tue, 31 Jan 2012 08:15:49 +0000

(LiveHacking.Com) – A security researcher has discovered that millions of web sites which run on the popular WordPress blogging plaform are exposing potentially private photos and images due to misconfiguration and a privacy vulnerability in the NextGEN Gallery plugin. The problem is that the NextGEN Gallery plugin allows unrestricted HTTP browsing of its ‘gallery’ directory and so exposes [...]

Cisco Publishes Advisory About its IronPort Appliances

Ethical Hacker — Mon, 30 Jan 2012 07:56:20 +0000

(LiveHacking.Com) – Cisco has released a security advisory for its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) due to a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Since the appliances run AsyncOS, a modified version of the FreeBSD kernel they are vulnerable to [...]

US-Cert Warns of On-going Denial-of-Service Attacks by Anonymous

Ethical Hacker — Fri, 27 Jan 2012 10:39:48 +0000

(LiveHacking.Com) – The United States Computer Emergency Readiness Team (US-CERT), the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), has issued a warning about on-going distributed denial-of-service attacks against different government institutions both in the USA and in the EU. According to the reports, these attacks are [...]

Symantec Says Only Use pcAnywhere for Business Critical Purposes

Ethical Hacker — Thu, 26 Jan 2012 08:24:10 +0000

(LiveHacking.Com) – In the on going saga about source code stolen from Symantec in 2006, the company has now updated its “Claims by Anonymous about Symantec Source Code” to notify its customers that “all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk” and to “recommends that customers only use pcAnywhere for business critical [...]

New Version of Opera Released to Fix Cross-site Scripting Vulnerability

Ethical Hacker — Thu, 26 Jan 2012 07:58:14 +0000

(LiveHacking.Com) – Opera 11.61 has been released and it is recommended that all users upgrade to the latest version to benefit from the security and stablilty changes. With regards to security, Opera 11.61 fixes two security issues: An issue where manipulation of framed content can allow cross-site scripting. An issue where script events could be [...]

Symantec Releases Hotfix for pcAnywhere

Ethical Hacker — Wed, 25 Jan 2012 10:57:52 +0000

(LiveHacking.Com) – Symantec has released a hotfix for its pcAnywhere product to address multiple vulnerabilities. According to Symantec, pcAnywhere is susceptible to local file tampering elevation of privilege exploits and remote code execution exploits and as a results it is possible to execute arbitrary code on a targeted system as “System”. Affected Products: Symantec pcAnywhere [...]

4 Key Features of Good Endpoint Security Software

GFI Software — Tue, 24 Jan 2012 14:55:32 +0000

(Live-Hacking.Com) – Data leakage occurs when data that should have never left the physical confines of your company’s brick and mortar walls does, and control of that data is lost. One of the main reasons why this could happen is because companies lack endpoint protection. When a user copies data to their smartphone (think contacts, [...]

Linux 2.6.39 Memory Handling Vulnerability

Ethical Hacker — Tue, 24 Jan 2012 08:35:00 +0000

(LiveHacking.Com) – Exploits have started appearing that make it possible to gain root privileges on some versions of the Linux kernel due to a flaw in the /proc/<pid>/mem handling. The vulnerability first came to light when Linus Torvalds released a Linux kernel update last week to fix the flaw and the subsequent analysis of the bug at Nerdling Sapple. The bug, which was discovered [...]

Google Releases Chrome 16.0.912.77 to Fix a Critical Security Vulnerability

Ethical Hacker — Tue, 24 Jan 2012 08:10:26 +0000

(LiveHacking.Com) – Google has released Chrome 16.0.912.77 for Windows, Mac and Linux to fix a Critical use-after-free memory problem when using Safe Browsing navigation. The bug was found by Chamal de Silva who got over $3000 from Google for finding the problem. The full list of security related bugs fixed is: [$1000] [106484] High CVE-2011-3924: Use-after-free in [...]

Unauthorized Activity Within One of DreamHost’s Databases Prompts Password Resets

Ethical Hacker — Mon, 23 Jan 2012 09:53:27 +0000

(LiveHacking.Com) – DreamHost detected some unauthorized activity within one of its databases over the weekend. And as a precautionary measure it is forcing customers to change their Shell and FTP password. To do this users needed to access the DreamHost web panel and go to “Manage Users”, however the rush of customers wanting to protect [...]

McAfee to Patch Two Vulnerabilities in its SaaS for Total Protection

Ethical Hacker — Fri, 20 Jan 2012 07:59:54 +0000

(LiveHacking.Com) – Two vulnerabilities have been found in McAfee’s SaaS for Total Protection, one of which allows a customer’s system to be used as a spam relay. The problem, which was exposed on British art firm Kaamar Limited’s blog earlier this week, has been gaining more and more public attention and now McAfee has started [...]

OpenSSL Fix Flaw in Recent Bug Fix

Ethical Hacker — Fri, 20 Jan 2012 07:20:18 +0000

(LiveHacking.Com) – Earlier this month, the OpenSSL project released updates to two new versions (OpenSSL 1.0.0f and 0.9.8s) of the popular open source toolkit for SSL/TLS to fix a total of six security flaws. One of the vulnerabilities fixed (CVE-2011-4108) was in OpenSSL’s DTLS implementation which allowed an efficient plaintext recovery attack. However Antonio Martin from Cisco [...]

Norton Source Code Was Stolen in 2006 According to Symantec

Ethical Hacker — Thu, 19 Jan 2012 07:21:44 +0000

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” caused a stir recently when they claimed to have stolen the source code for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly denied the allegations say that the hackers had source code for for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 which are [...]

Oracle Fixes 78 Vulnerabilities But Questions Arise About Fundamental Flaws in its Flagship Database Product

Ethical Hacker — Wed, 18 Jan 2012 08:05:22 +0000

(LiveHacking.Com) – Oracle has released 78 security fixes, for its flagship database software, Fusion Middleware, e-Business Suite, Supply Chain, PeopleSoft, JDEdwards and Sun products, as part of January’s Critical Patch Update (CPU). Included were two fixes for the Oracle Database Server, seventeen for Oracle Sun products, three for Oracle Virtualization and a massive 27 in [...]

NSA Make an Initial Public Release of Security Enhanced Android

Ethical Hacker — Tue, 17 Jan 2012 08:48:45 +0000

(LiveHacking.Com) – The National Security Agency, part of the United States Department of Defense which is responsible for the interception and decryption of foreign communications, has made an initial public release of Security Enhanced (SE) Android, a special version of the Linux based mobile device operating system created to identify and address critical gaps in [...]

Zappos.com Hacked and Turns off Phones to Avoid Deluge of Calls from Customers

Ethical Hacker — Mon, 16 Jan 2012 08:23:49 +0000

(LiveHacking.Com) – Online shoes and clothing retailer Zappos.com has suffered a security breach. During the attack the hacker managed to gain access to parts of Zappos’ internal network through one of its servers in Kentucky. Zappos however say that the secure databases with the credit details and other payment data was not accessed. On Sunday [...]

Oracle to Patch 78 Security Vulnerabilities Across Hundreds of its Products

Ethical Hacker — Fri, 13 Jan 2012 13:48:46 +0000

(LiveHacking.Com) – Oracle has published a critical patch update pre-release announcement where it outlines its intention to patch 78 security vulnerabilities across hundreds of its products. Scheduled for Tuesday, January 17, 2012, the jumbo set of patches affect products such as Oracle Database (10g and 11g), VirtualBox and MySQL. For Oracle Database there are two security fixes [...]