There’s a remotely exploitable vulnerability in several versions of the Google Search Appliance that could allow an unauthenticated attacker to execute a cross-site scripting attack and run a script in the context of the user’s browser. The Google Search Appliance is an enterprise product that enables users to search for content from a wide variety[...]
Browsing Tag: vulnerabilities
The devices that control traffic lights and electronic signs in many cities are vulnerable to a number of attacks, can be exploited quite easily and used to spread malware from device to device.
UPDATE – Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information.
UPDATE – The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is available.
Amidst all of the fallout related to Heartbleed, Oracle is doing its best to keep users apprised of its efforts to patch any and all software that may be vulnerable to the OpenSSL issue.
Swedish VPN providers Mullvad report that private keys moving through OpenVPN installations are not immune to Heartbleed OpenSSL exploits.
Netcraft reports that certificates on 80,000 of the half-million Web servers vulnerable to Heartbleed exploits have been revoked.
A cryptanalysis of TrueCrypt, the second half of an audit of the open source encryption software, will involve a small team of experts who will manually audit the code.
Web application security begins with the developer’s comfort level and familiarity with a programming language. WhiteHat Security’s latest report examines the security of six top languages.
The Heartbleed story advanced over the weekend with word of researchers exploiting the OpenSSL flaw to steal private SSL keys, and the loss of data on websites in the U.K. and Canada.