A security vulnerability in various MS Windows OS’s A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys), and has the common vulnerability and exposures designation of CVE-2015-1635. It is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute… Continue reading
A vulnerability in many Linux distributions This vulnerability resides in the GNU C Library (glibc), and has the common vulnerability and exposures designation of CVE-2015-0235. It exposes a buffer overflow flaw via calls to gethostbyname() and similar function calls. If exploited, an attacker could execute arbitrary code with the permissions… Continue reading
Vulnerability in Microsoft Secure Channel Microsoft Security Bulletin MS14-066 – A critical vulnerability affecting all versions of Microsoft Windows systems. The vulnerability resides in the Microsoft secure channel (schannel) security component that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) standard authentication protocols, affecting web, email (exchange),… Continue reading
SSL v3 “POODLE” Attack Padding Oracle On Downgraded Legacy Encryption The vulnerability is a Main in the middle (MITM) attack so isn’t trivially exploitable, but various sources indicate this has been seen in the wild. Currently there are no patches for this issue, OpenSSL, the world’s most used SSL library,… Continue reading
Here’s a few thoughts on the recent bash vulnerabilities: A lot of media reports have said only people calling CGI scripts with bash are at risk, but it extends much further than that due to the way the OS works. When spawning a new process (e.g. to start a CGI,… Continue reading
Google have announced that with the release of their Chrome v39 web brower, they are removing support for the older ‘SHA-1’ based SSL certificates, this is expected shortly. This will mean that sites accessed via Chrome v39 that use SHA-1 crt will generate a minor security flag. Further reading… Useful… Continue reading
Various technology news sites are reporting a remote code exploit for systems that use Bash shell ( Linux / C-Panel ) This may affect your servers. For more information see, http://seclists.org/oss-sec/2014/q3/650 Or search for ‘ CVE-2014-6271 ‘ The solution involves updating Bash to the latest patched version for your system…. Continue reading
We have been made aware that Bit Defender Anti Virus incorrectly considers our AVS portal URL, http://portal.netnorth.co.uk as being infected with malware, this is a false positive. We have informed Bit Defender and are awaiting a response. This does not effect normal AVS processing function. If you have any questions… Continue reading
We have been notified of a scheduled maintenance window for Cogent Communications (one of our IP Transit suppliers). This is due to occur on Saturday 24th May 2014 between 4am-7am UK local time whilst a router software upgrade is applied. We should notice very little, if any disruption during this… Continue reading
We would advise customers of a community announcement made on 7th April 2014 regarding a security vulnerability in the OpenSSL framework. The vulnerability, referred as ‘The Heartbleed Bug’ or ‘CVE-2014-0160’, is in OpenSSL’s implementation of TLS (Transport Layer Security), and affects versions of OpenSSL in the 1.0.1 series up to… Continue reading