CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow vulnerability

A new vulnerability has been discovered by Google's Online Security research team. It affects the glibc library and can potentially lead to DoS and code execution. How severe this is to your infrastructure depends on many factors – it is recommended to patch the issue as soon as possible. “Our initial investigations showed that the […]

Social engineering Amazon shipping details

I must admit: It’s been some time. But this particular topic is not only interesting but also critically impacting some people’s privacy. Some things are shocking: Can a big company such as Amazon put your details at risk? Can Amazon easily be socially engineered? As of today we know: Yes, and it’s even easier than […]

Did you secure everything this week?

Thought it would be an excellent time for a small blog post about this week's security issues and patches. A large number of updates was released – keeping not only ITSec but also sysadmins quite busy. Let’s ensure you didn’t forget one of those… and I bet you were affected by at least one of […]

Short News: mSpy data “not” leaked!

mSpy is snoopware that installs on mobile devices and desktop computers and offers various paid packages. Unfortunately I didn’t have much time to write in the last weeks and this news is quite old (about a week) but still noteworthy, as mSpy keeps denying that they’ve been hacked even though customers who appeared in the meanwhile-leaked dump […]

Short News: Twitch.tv breach

Twitch.tv, the live streaming platform now owned by Amazon.com, might have suffered a data breach. In a short blog post on the Twitch Blog, they state that […] there may have been unauthorized access to some Twitch user account information […] – Twitch Blog. They’ve disconnected all associated Twitter and Steam accounts and forced a […]

Critical OpenSSL update is live!

The new OpenSSL patch I wrote about yesterday is now released. Shortly before the release they had to fix another issue within the OpenSSL patches, which are now released. You can find the new version here: http://openssl.org/source/ – the packages for most Linux distributions are probably in the works right now. (Check relevant links below) As the […]

March 19: OpenSSL update

The OpenSSL team announced that there will be security fixes in the OpenSSL releases 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, which will be published on March 19. The announcement states that the highest severity being fixed is “high”. The highest severity defect fixed by these releases is classified as “high” severity. – OpenSSL Project Team The OpenSSL […]

Short News: OpenSSL…”FREAK” attack

And once again an OpenSSL vulnerability has been disclosed. It was disclosed by Karthikeyan Bhargavan and the miTLS team. As every vulnerability needs a fancy name these days, this one is called the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be […]

Dropbox syncs all your files on the same partition!

[Please read the update at the bottom!] While working on setting up Data Leakage Protection Endpoint in a production environment, Security Specialist Mekin Pensen discovered that Dropbox touches way more files than it actually should. In his test, he installed Dropbox on the C: partition of his Windows computer and opted in for selective sync, which states […]

Three SSL/TLS Tools you need to know!

Not only when working on IT security related things but also for daily sysadmin stuff, it’s essential to have the right tool to do the job. Below are my three favorite tools I use when configuring, debugging and researching SSL/TLS related things. Let’s face it… with all these recent issues, it’s necessary to deal with SSL […]