1. butterfly labs email addresses database went to spammers

    As I’ve previously mentioned I have separate mailbox setup for every website I register with, this way I can track compromised websites and block senders accordingly in case of security breaches. I’ve already written about compromised cex.io, this time it was butterfly labs, I’ve just received spam message offering scrypt miner to specific address used only with bfl. I didn’t trust bfl from the beginning, but had some hope that they would actually deliver, but not after this.

    תגיות: , , , , ,

  3. Security Vulnerability CVE-2014-0160 (Heartbleed)

             CVE-2014-0160 – Heartbleed got us all with pants down, there’s a new vulnerability found in a pretty recent version of openssl, it affects all versions starting 1.0.1 and fixed in 1.0.1g, it got a name debian vendors claim that the fixed version is 1.0.1e-2+deb7u5, but while I was writing this post openssl-1.0.1e-2+deb7u5 was gone and openssl-1.0.1e-2+deb7u6 replaced it, Debian announcement  did not update on this one.

    Here’s how you patch CVE-2014-0160 on debian/ubuntu:

    Debian:

    Squeeze – unaffected

    Wheezy  –

    apt-get update

    apt-get install openssl=1.0.1e-2+deb7u6

    Ubuntu:

    for example on 12.04

    apt-get update

    apt-get install openssl=1.0.1-4ubuntu5.12

    other versions – check yourself,

    when you finished fixing it, don’t forget to  /etc/init.d/ssh restart

    and keep security in your sources list!

    תגיות: , , , , , , ,