Another SSL Vulnerability has been found in SSL v3.0.  You should consider changing to use TLS 1.0, 1.1 or 1.2. It is recommended to disable SSL v 3.0 on your secure websites. I recommend disabling at least PCT 1.0, SSL 2.0, SSL 3.0 on your IIS Servers. IIS 3.0-6.0 http://support.microsoft.com/kb/187498 IIS 7.0+ http://support.microsoft.com/kb/245030 RedHat Linux products https://access.redhat.com/articles/1232123 […]

Red Hat found another flaw in BASH that has been assigned CVE-2014-7169.  This is in addition to CVE-2014-6271 in the previous Blog entry.  CVE-2014-7169 affects Red Hat 4, 5, 6, and 7.  Red Hat released the update today 9/26/2014 https://access.redhat.com/security/cve/CVE-2014-7169​ NIST http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 Debian https://www.debian.org/security/2014/dsa-3035 Ubuntu http://www.ubuntu.com/usn/usn-2363-2/ Oracle Linux http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html Cygwin for Windows – update released […]

A major flaw has been found in the BASH Shell for Linux,  CVE-2014-6271.  While in many cases this would require direct access to the system to take advantage of this flaw, if you have any CGI scripts on a website that are coded in BASH – your website may be in jeopardy. All BASH versions […]

Symantec recently published a Security Response document – Threats to virtual environments published 8/12/2014. This whitepaper provides a good outline that virtual servers are equally vulnerable to attack from Viruses and Malware as a physical server would be.  In fact they are even more vulnerable if the computer that is running a management console can […]