Mar - 04 2015

On Tuesday March 3, 2015 it was announced that a flaw in SSL Security that is based on a old 512 bit exportable encryption type had been found. This flaw affects web servers and some web browsers. You can test your browser at ​https://freakattack.com/ IE 11 is not affected, IE10 partially affected see Microsoft response below. […]

Jan - 27 2015

A serious security flaw has been found in the glibc libraries that are core component of Linux.  CVE-2015-0235 has been setup for this issue. It affects Red Hat Linux and its variants (CentOS, OracleLinux), Debian Linux and its variants like Ubuntu.  The GHOST bug is a overflow bug that has been found in the gethostbyname feature […]

Jan - 25 2015

Another major flaw has been found in Android affecting all devices with Android 4.3 and earlier.  Google has stated they will not fix the issue in Webkit leaving an estimated 960+ million devices to be at risk.  Google recommends that developers write their own viewers to cover this flaw. But like any security issue, it […]

Jan - 21 2015

It appears from a article just posted by Mary Jo Foley that Microsoft will provide the Windows 10 upgrade for free for users of Windows 7, Windows 8 and Windows 8.1.​  It will also include Windows Phone 8.1 phones.  The catch seems to be that the upgrade will only be available for one year from […]

Jan - 20 2015

Recently a report for the most commonly used passwords for 2014 has come out.  Variations on 123456 are in the top 11 most used passwords.  The best things to do when creating a password is to mis-spell the word used, using Numbers, Punctuation characters and symbols, and upper and lower case can also help.  But […]

Nov - 06 2014

​Chrome, Firefox and Internet Explorer are making the move to discourage the use of SHA1.  Microsoft started the push for changing from SHA1 to SHA2 about 1 year ago, Google is choosing to be aggressive in what it shows to users of Chrome browser which is due around November 20 something. With Chrome Chrome will […]

Oct - 15 2014

Another SSL Vulnerability has been found in SSL v3.0.  You should consider changing to use TLS 1.0, 1.1 or 1.2. It is recommended to disable SSL v 3.0 on your secure websites. I recommend disabling at least PCT 1.0, SSL 2.0, SSL 3.0 on your IIS Servers. IIS 3.0-6.0 http://support.microsoft.com/kb/187498 IIS 7.0+ http://support.microsoft.com/kb/245030 RedHat Linux products https://access.redhat.com/articles/1232123 […]

Sep - 26 2014

Red Hat found another flaw in BASH that has been assigned CVE-2014-7169.  This is in addition to CVE-2014-6271 in the previous Blog entry.  CVE-2014-7169 affects Red Hat 4, 5, 6, and 7.  Red Hat released the update today 9/26/2014 https://access.redhat.com/security/cve/CVE-2014-7169​ NIST http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 Debian https://www.debian.org/security/2014/dsa-3035 Ubuntu http://www.ubuntu.com/usn/usn-2363-2/ Oracle Linux http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html Cygwin for Windows – update released […]

Sep - 24 2014

A major flaw has been found in the BASH Shell for Linux,  CVE-2014-6271.  While in many cases this would require direct access to the system to take advantage of this flaw, if you have any CGI scripts on a website that are coded in BASH – your website may be in jeopardy. All BASH versions […]

Aug - 13 2014

Symantec recently published a Security Response document – Threats to virtual environments published 8/12/2014. This whitepaper provides a good outline that virtual servers are equally vulnerable to attack from Viruses and Malware as a physical server would be.  In fact they are even more vulnerable if the computer that is running a management console can […]

1 5 6 7