OpenSSL Security Updates – Severity: High

A new set of security updates for OpenSSL was released this morning to address various security vulnerabilities, some of which are considered to be “high” severity. Please update as soon as possible. To update, watch for Linux distro updates via package managers such as yum, apt-get, etc. Control panel updates for cPanel and others will be released over […]

The Sony Hack: An Inside Job. Here’s why…

From day one, as details leaked about stolen system administrator passwords, many of us knew that the Sony Hack had to have been an inside job. The simple reason is that system administrators set up notifications for both denied login attempts and, more importantly, alerts for successful logins. These hackers reportedly stole a “System’s Administrator’s password” which […]

Poodlebleed vulnerability SSL version 3.0

The Google Online Security blog released details of an SSLv3 vulnerability called the POODLE attack. Here you’ll find links to all the important info, all in one place! Official website: poodlebleed.com (Test your website against Poodlebleed) Security advisory (PDF download) | Google Blog | Firefox Blog | OpenSSL update | Red Hat | Nice article Fedora Blog | Discussion on […]

CVE-2014-6271: Vulnerability in Bash allows remote execution of arbitrary code

Patch instructions for CVE-2014-6271 and CVE-2014-7169 are at the end of this post. UPDATE 1: Patching Bash may not be the end of this. There’s still discussion about whether the changes completely fixed it or not. UPDATE 2: Another patch is being tested. UPDATE 3: From Red Hat: “Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can […]

Patched Servers Remain Vulnerable to Heartbleed OpenSSL

If an attacker has already exploited the Heartbleed bug to steal your SSL private keys, they can continue to decrypt all past and future traffic even after the vulnerability has been patched. A security vulnerability in OpenSSL called the Heartbleed bug (CVE-2014-0160) has been found. This vulnerability has been open to exploitation for about 2 years but was only recently […]