Oh, the irony! Identity theft protection service LifeLock has exposed millions of their customers’ email addresses. And according to Krebs on Security, the exploitable vulnerability was so basic that it seems “that whoever put it together lacked a basic understanding of Web site authentication and security”!
By now you have probably heard about the enormous security flaw that was recently discovered that, experts say, left thousands of applications and devices vulnerable to remote attacks and control. It is a flaw that has been around since 2009, and has the potential to affect any server that is running any post-2008 version of the Gnu C open source library called glibc. It is the function getaddrinfo() within the glibc library that has the flaw, and it is so widely distributed that it is impossible to estimate just how many applications and hardware installs are running the flawed versions (of which there are at least 7 main version and dozens of incremental update versions).
Microsoft has released a critical update to patch a “privately reported” Microsoft Secure Channel (“Schannel”) vulnerability which affects all current versions of Windows and Windows Server. Says Microsoft, “This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows.”
The Zero Day Initiative (ZDI) has revealed a critical vulnerability in Microsoft Explorer 8 (IE 8) that Microsoft was first alerted to more than 7 months ago, and never bothered to issue a patch for or to fix. Here’s the scoop, and what to do to protect yourself from the CVE-2014-1770 vulnerability.
Microsoft has issued a security advisory (#981374) for a vulnerability in Internet Explorer 6 (IE 6) and Internet Explorer 7 (IE 7) that could allow someone to remotely execute code on your PC – that is, to remotely operate your computer.