Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks [Ed: If only we saw similar headlines about Microsoft Windows each time a hole was found in Photoshop...]

    A vulnerability was found in all the versions of Exim, a mail transfer agent (MTA), that when exploited can let attackers run malicious code with root privileges.

  • KeePass Password Safe 2.43

    KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

    KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.

  • Live Patching Case Study of GESIS

    You can save time and resources by using Live Patching. GESIS is one of the many organizations who achieved excellent results using SUSE Linux Enterprise Live Patching. Here we outline some of those results so you can make an assessment about how these can apply to your environment.

  • Linux Kernel flexcop_usb_probe Function NULL Pointer Dereference Vulnerability [CVE-2019-15291]

    A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

    The vulnerability is due to a NULL pointer dereference condition that exists in the flexcop_usb_probe function, as defined in the drivers/media/usb/b2c2/flexcop-usb.c source code file of the affected software.

    An attacker with physical access to a targeted system could exploit this vulnerability by inserting a USB device that submits malicious input to the targeted system. A successful exploit could cause a DoS condition on the system.

  • Here's How Vivaldi for Android Protects Your Privacy and Keeps Your Data Secure

    After announcing the Vivaldi for Android mobile web browser, Vivaldi Technologies shared with us some details on how they managed to build a secure and privacy-aware browser on Android.
    We all know that Google's Android mobile operating system ships with a built-in web browser core, which is based on the same code that Google Chrome was built it. This internal browser core lets users view basic web pages when setting up their Android device for the first time.

    Once the device is all set up, most probably the user has installed his favorite web browser app from the Play store. This is where Vivaldi for Android comes to fill the gap, as it's not using Android's built-in browser core, which makes it secure and privacy-aware.