Brian's Science a...
Scooped by Brian Haddock

Shellshock vulnerability - critical security vulnerability discovered in Bash (Bourne-Again Shell)

If your Linux/Unix (or Apple Mac OS X) applications are running with root permissions and call on the shell, this vulnerability (called “Bash Bug” or “$hellshock”) is huge, as it allows an attacker to remotely execute shell commands by attaching malicious code to environment variables used by the OS. The flaw is present in GNU Bash versions 1.14 through 4.3 (yup, this bug’s been around for 22 years now). Basically, the flaw allows the attacker to create environment variables that contain trailing code, and the code gets executed as soon as the bash shell is invoked. And yes, it’s exploitable over the network.

http://geekslop.com/2014/shellshock-vulnerability-critical-security-vulnerability-discovered-bash-bourne-shell

Heartbleed OpenSSL (SSL/TLS) vulnerability - analysis of a mind-blowingly simple bug

The OpenSSL encryption flaw, known as the Heartbleed bug, is being called one of the biggest security flaws ever seen on the Internet. One security analyst called it “catastrophic” and said that on a scale of 1 to 10, the vulnerability was an 11. The newly discovered vulnerability isn’t “big news” because of its complexity, but because the amazingly simple bug existed for two years before anyone noticed, allowing millions of servers to remain vulnerable and open to hacker attacks.

http://geekslop.com/2014/heartbleed-openssl-ssl-tls-vulnerability-hacker-bug-analysis