

OpenX open yet again...


This time with a backdoor in the download archives. The SVN does not seem to have been affected.


heise Security has found a backdoor in the official downloads from the OpenX server that has apparently been present for almost a year and is already being actively used for attacks on ad servers.


#fail :headbang




dynalogin


Haven't heard about this before.


The dynalogin project was started in 2010 by Daniel Pocock. Pocock's professional experience includes engineering secure connectivity solutions for organisations like UBS in Zurich, Switzerland. The dynalogin project has been shared openly from the beginning as GPL-licensed free software in the interest of promoting a more secure Internet for everybody.
in reply to Klaus Weidenbach

Information about packages for Debian GNU/Linux http://danielpocock.com/dynalogin-1.0.0-released
Sometimes I ask myself if CentOS was the right decision for my server, but I have had not-so-good experiences with Debian at work on some production machines.


Backdoor in Piwik download


The SVN repository seems to be unaffected, but you should check your installations.

Backdoor found in Piwik analytics software

The Piwik web analytics software's server appears to have been compromised and has recently been serving a manipulated version of the software which gives attackers access to the server and surrounding system
in reply to Klaus Weidenbach

Thanks for this hint. My Piwik server is not infected :shaka


Security 101 : Security Basics in 140 Characters Or Less


Very amusing to read these short pieces of security wisdom.

It was one of THOSE gigs: an internal penetration test against a client that, considering the amount of personal information they held on their customers, should have been well prepared. And yet, we went from "you-can-plug-your-laptop-in-over-there" to "Domain Admin" in... well, let's just say a "shockingly small" number of hours. And it just went downhill from there...


Last night I read the article "Key-based authentication with SSH and VNC" from the ADMIN Magazin Special "Tricks with SSL and SSH" by James Stanger. While reading this article I was totally losing faith in this magazine, or in my knowledge of SSH and public/private keys and my understanding of security in IT. Even after reading it a second time I still feel totally lost.
Is he really a security consultant? I couldn't believe what I read, or am I totally misunderstanding his points?


openX security update again without notice


5 days ago there was again a security update for #OpenX Open and I heard nothing about it. Just found it by coincidence now when I was cleaning up some things. That is really annoying with OpenX.