Collaborate Disseminate
A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq. Continue reading Google Warns of DoS and RCE Bugs in Dnsmasq
Update: Find working Exploits and Proof-of-Concepts at the bottom of this article.
Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover.
Dubbed Stack Clash
Continue reading A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes. Continue reading Serious privilege escalation bug in Unix OSes imperils servers everywhere
Patches are available for a newly discovered Linux, BSD and Solaris vulnerability called Stack Clash that bypasses stack guard-page mitigations and enables root access. Continue reading Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access
The Samba Team has patched a severe bug that leaves computers vulnerable to wormable exploit. Continue reading Samba Patches Wormable Bug Exploitable With One Line Of Code
In this 2014 blog post from an apparently anti-BSD blog, the author criticizes BSD jails for being poorly designed and therefore insecure.
The opening paragraph reads:
If you’re thinking of employing FreeBSD jails in your server environment or use them to run insecure applications, it will be good for you to reconsider those options. Jails are one some of the most vulnerable phony “security” features ever put forth by fraudsters. They have been found to be even more insecure then a basic unix chroot and worst they even make it easier to gain control of your kernel with certain types of attacks.
The article goes on to lambast jails for having a backdoor that was installed by a control-freak developer, excessive overhead, and so on.
Obviously the author is quite biased, in my opinion pathologically so. That said, is there merit to these claims? Are BSD jails an inadequate solution for securing applications on a web server?
Former New York City Mayor Rudolph W. Giuliani has been appointed as a cyber security advisor for the President-elect Donald Trump, but it appears that he never actually checked the security defenses of his own company’s website.
Giuliani is going to … Continue reading Donald Trump appoints a CyberSecurity Advisor Whose Own Site is Damn Vulnerable
Former New York City Mayor Rudolph W. Giuliani has been appointed as a cyber security advisor for the President-elect Donald Trump, but it appears that he never actually checked the security defenses of his own company’s website.
Giuliani is going to … Continue reading Donald Trump appoints a CyberSecurity Advisor Whose Own Site is Damn Vulnerable
The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.
Continue reading Buffer Overflow in BSD libc Library Patched
Around five years after unknown hackers gained unauthorized access to multiple kernel.org servers used to maintain and distribute the Linux operating system kernel, police have arrested a South Florida computer programmer for carrying out the attack.
… Continue reading Hacker Who Hacked Official Linux Kernel Website Arrested in Florida