Mar
27

DoubleAgent: can take control over your antivirus

double-agent

Cybellum security has discovered a zero-day vulnerability, which can turn any antivirus into a malicious application. Called DoubleAgent (DoubleAgent, since antivirus is treated as a trusted application, but through that exploit can take full control over Windows) exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10.

Mar
24

GNOME 3.24 Desktop Environment Released

The GNOME Project is proud to announce the official availability of the long-anticipated GNOME 3.24 desktop environment for Linux-based operating systems.

Mar
22

Next level ransomware: a group of hackers extorting Apple in exchange for access to user accounts

apple-logoInstead of extorting individual people, hackers have moved on to corporations. In the age of clouds, it is very easy to do. A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.

Sep
26

Shellshock bug testing for vulnerability

There's a new bug that has been discovered recently, requiring affecting most linux systems running bash. You can read more about it here, but the question most often asked is: how to check if you are vulnerable? Here's a simple way to find out. Login to your Linux box and run the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output will be, if you are not vulnerable:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you are vulnerable:

vulnerable
this is a test

Update (Oct 2): Here's a newer version of the test script. It incorporates tests for all of the other bugs related to shellshock

Download link

Test results are self explanatory:

If not vulnerable (will appear in a healthy-green colour):

Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs

If vulnerable:

Variable function parser active, maybe vulnerable to unknown parser bugs
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1)

 

May
01

Microsoft Patches all versions of Internet Explorer

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch can be downloaded from here:

https://technet.microsoft.com/library/security/ms14-021

Mar
13

Joomla issues upgrade to patch critical SQL vulnerability

joomla logo

Joomla's developers have released a fix to critical SQL injection vulnerability in the 3.2.3 update, but still are coming under fire for taking a month to address the issue. According to ThreatPost, researchers at Sucuri have associated the SQL fix with a month-old vulnerability that was described at exploit-db.com.

The Scip vulnerability database provides this description: “Affected by this issue is an unknown function of the file /index.php/weblinks-categories.

"The manipulation of the argument id with the input value 0%20%29%20union%20select%20password%20from%20%60k59cv_users%60%20--%20%29 leads to a sql injection vulnerability. Impacted is confidentiality, integrity, and availability.”

So patch your Joomlas!

Nov
24

LibreOffice 4.2.0 Beta 1 is available for download

LibreOffice 4.2.0 Beta1 is available for download.

Many new minor enhacements were added. (See the full list).

Nov
07

Internet Explorer 11 release preview

Every web developer's dream is a world with just one browser. That's not happening, so brace yourselves for the new version of Internet Explorer - version 11. Google has established a new trend - a new version of Chrome for every full moon. Microsoft and Mozilla have nothing left but to follow the trend to stay afloat. 

New features in Internet Exlorer 11: 

Ehh... How about a cartoon instead? 

 

Oct
29

What's New In CiviCRM 4.4

New features in CiviCRM 4.4 - a presentation from London CIVICON: