security hole

FreeBSD today released a core (kernel) patched to plug “arc4random predictable sequence vulnerability” security hole in its operating systems version 6.x and 7.x stable release. When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. All security-related kernel subsystems that rely on a quality random number generator are subject to a wide range of possible attacks. This update has been rated as having important security impact.

{ 0 comments }

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.

{ 5 comments }

An unpatched security hole in Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL to take control of vulnerable servers.

{ 0 comments }

FreeBSD – Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

{ 0 comments }

Forensics is the art and science of applying computer science to aid the legal process.

{ 0 comments }