Perl Scripting vulnerability – Data Dumper

Posted on computersecuritynews

Perl discussion at lsexperts.de  has a data Dumper vulnerability – review your Perl scripts to : Applications written in Perl should ensure that a sanity check on data serialized by Data::Dumper is performed.   WordPress vulnerabilities page which was recently set up. Andreas Kurtz found malicious iOS apps  after iOS 8 was released. The issue […]

Read more >

Bash shellcode reality

Posted on computersecuritynews

What started as an environment of function and usability on Unix systems has devolved in another security exploit mess. US -CERT has the report for both potential exploits now (one was patched)   all tools are there for hackers to exploit specific websites running Linux or Unix. That means  that there are many websites that […]

Read more >

Bash Shellcode truth

Posted on computersecuritynews

There are two Common Vulnerability and Exposure CVE-2014-6271 and CVE-2014-7169   Akamai has posted it’s response CERT has posted it’s vulnerability Note Red Hat has developed the following test: $ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” RedHat Blog also discusses it and has set up a FAQ Updating Bash on […]

Read more >

Cyber -Crime is big business – and it is living right next to you.

Posted on computersecuritynews

NTVUganda story   Don’t look at the details of McKinnon and his extradition battle etc.  (picture also from NTVUganda.co.ug) This is what is important: “Kenya’s Cabinet Secretary for Information Fred Matiang’i estimates that the country lost nearly Ksh2 billion ($22.56 million) to cyber crime, with close to 1,000 Kenyans falling victim to Internet fraud on […]

Read more >

OWASP has new Testing Guidelines Document

Posted on computersecuritynews

    OWASP Testing Guidelines 2014  In software development there are 5 stages: Define, Design, Develop, Deploy, and Maintain.   OWASP released some more overall testing methodology.  When to test is the question?  Ideally one tests at all stages of the SDLC (Software Development Life Cycle). But where is it most optimal to test? If […]

Read more >