Vuln: Oracle Java SE CVE-2014-6513 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability

Vuln: Oracle Java SE CVE-2014-6519 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2014-6506 Remote Security Vulnerability

dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet. Security and privacy concerns associated with smart meters are why they are currently “optional” in several countries. That’s the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that “smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life.” This now applies to televisions as well — an article in Salon discusses the author’s new “smart” TV, which came with a 46-page privacy policy. Quoting: “It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect ‘when you have viewed particular content or a particular email message.’ It records ‘the apps you use, the websites you visit, and how you interact with content.’ It ignores ‘do-not-track’ requests as a considered matter of policy. It also has a built-in camera — with facial recognition.”

This tutorial shows how to install an Ubuntu 14.10 (Utopic Unicorn) server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers the installation of Apache (instead of nginx), BIND (instead of MyDNS), and Dovecot (instead of Courier).

[security bulletin] HPSBPI03147 rev.1 – Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)

[security bulletin] HPSBUX03162 SSRT101767 rev.1 – HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack

[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) – Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)

An anonymous reader writes: The Wall Street Journal reports that Andy Rubin is leaving Google. Rubin co-founded Android in 2003 and stayed on when the company was acquired by Google in 2005. Rubin led Android through the acquisition of over a billion users, until 2013 when he moved to Google’s robotics division. He was replaced in the Android division by Sundar Pichai, who continues in charge of that, Chrome, Google+, and many other products. Rubin’s robotics role will be filled by James Kuffner. “Mr. Rubin’s departure is a blow to Google’s robotics efforts. However, Mr. Kuffner is experienced in the sector, having worked on human-like robot technology for over two decades, including seven years at Carnegie Mellon University and five years on Google’s self-driving car project.”

Posted by Salvatore Bonaccorso on Oct 31

————————————————————————-
Debian Security Advisory DSA-3060-1                   security () debian org
http://www.debian.org/security/                          Salvatore Bonaccorso
October 31, 2014                         http://www.debian.org/security/faq
————————————————————————-

Package : linux
CVE ID : CVE-2014-3610 CVE-2014-3611…

Friday’s security updates

CentOS has updated php (C6; C7: multiple vulnerabilities),
php53 (C5: multiple vulnerabilities), and wget (C6; C7:
code execution).

Debian has updated kernel
(multiple vulnerabilities).

Fedora has updated sddm
(F21: multiple vulnerabilities).

Mageia has updated file
(denial of service) and dokuwiki (multiple vulnerabilities).

Oracle has updated kernel (O5; O6; O6; O7: multiple vulnerabilities),
php (O6; O7: multiple vulnerabilities), php53 (O5: multiple vulnerabilities), and wget (O6; O7:
code execution).

Red Hat has updated kernel
(RHEL6: multiple vulnerabilities), php
(RHEL6,7: multiple vulnerabilities), php53 (RHEL5: multiple vulnerabilities), php54-php (SC1: multiple vulnerabilities), php55-php (SC1: multiple vulnerabilities), and wget (RHEL6,7: code execution).

Ubuntu has updated kernel
(14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and wget (code execution).

Q3 sales and profits up – but not enough to hit certain vendor rebate targets

It was a mixed bag of a third calendar quarter for reseller titan Insight Enterprises: sales shot up, as did operating profit, but gross margin was slapped by lower vendor rebates and overheating admin expenses.…

Do you use Drupal for your personal website? Does your company use Drupal? Can’t recall the last time it was patched? Well then, as Steve Ragan outlines in this article, it is a safe bet to assume that you’ve already been compromised.

Posted by Security Explorations on Oct 31

Hello All,

We've been recently informed by a 3rd party that Oracle planned to release
fixes for the vulnerabilities covered by our SE-2014-01 [1] project in Nov
2014.

We initially thought that someone mistakenly took Oct for Nov (Oracle CPU
was released on Oct 14, 2014), but the credibility of the source of this
information made us dig a little bit further into this.

As a result we found out the following.

OJVM PSU patches covering…

Posted by SEC Consult Vulnerability Lab on Oct 31

SEC Consult Vulnerability Lab Security Advisory < 20141031-0 >
=======================================================================
title: XML External Entity Injection (XXE) and Reflected XSS
product: Scalix Web Access
vulnerable version: 11.4.6.12377 and 12.2.0.14697
fixed version: -
impact: Critical
homepage: http://www.scalix.com/
found: 2014-08-27…

Posted by matthias . deeg on Oct 31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Advisory ID: SYSS-2014-008
Product(s): McAfee Endpoint Encryption for Files and Folders (EEFF)
McAfee File and Removable Media Protection (FRP)
Vendor: McAfee, Inc.
Affected Version(s): EEFF 3.2.x, 4.0.x, 4.1.x, 4.2.x; FRP 4.3.0.x
Tested Version(s): 4.2.0.164
Vulnerability Type: Insufficient Entropy (CWE-331)
Use of a One-Way Hash…

itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook’s onion address. This was done both for internal technical reasons and as a way for users to verify Facebook’s ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.

Posted by security-alert on Oct 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04492722

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c04492722
Version: 1

HPSBUX03162 SSRT101767 rev.1 – HP-UX Running OpenSSL, Remote Denial of
Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack

NOTICE: The information in this Security Bulletin should be acted upon…

Posted by security-alert on Oct 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c04483249
Version: 1

HPSBPI03147 rev.1 – Certain HP Color LaserJet Printers, Remote Unauthorized
Access, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release…