Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.

Ubuntu Security Notice USN-715-1 - Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. It was discovered that the inotify subsystem contained watch removal race conditions. Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. It was discovered that the ATA subsystem did not correctly set timeouts. It was discovered that the ib700 watchdog timer did not correctly check buffer sizes.

Secunia Security Advisory - SUSE has issued an updated for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for WebYaST and SUSE Studio Standard Edition. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

Secunia Security Advisory - SUSE has issued an update for java-1_7_0-openjdk. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for virtualbox. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Secunia Security Advisory - SUSE has issued an update for libupnp. This fixes three vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory - SUSE has issued an update for apache2. This fixes two weaknesses, a security issue, and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

Secunia Security Advisory - SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - SUSE has issued an update for v8. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.

Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability with an unknown impact.

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for ruby on rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

HP Security Bulletin - A potential vulnerability has been identified with Openview Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to gain privileged access. Affected versions: Openview Network Node Manager (OV NNM) 6.2, 6.4, 7.01, 7.50 running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.

In a previous article, I had a conversation with former-CIA chief Jim Woolsey to discuss one of America’s greatest national security vulnerabilities, its power grid. The issues that Woolsey has been concerned with for over a decade has been the ease in which a terrorist group or other actor (think North Korea for example) could attack the grid and plunge the country into darkness for months, if not years. And if that seems far-fetched, just recall how a tree limb fell in Ohio in 2003 and blacked out the entire Northeast and part of Canada for several days.

When I worked at the New York Attorney General's Office, we sued coal-fired power plants because their air pollution was making people sick. But in some towns, I saw that the reliance on coal really had people in a bind. The coal plant was making them sick, but it was also a major tax generator for the town. If the plant closed, the town might have to lay off teachers and cops, in addition to losing the plant jobs.

Energy is Europe’s quiet crisis. While the clamour of failing economies, desperate migrants and political clashes grabs the headlines, energy policy is rarely front-page news, but it should be — the statistics are shocking.

“I can remember as a young man driving from Carson City to Reno for the first time and I saw this steam coming out of the ground,” Nevada Senator Harry Reid told the geothermal industry last week. Although the congressman was in Washington DC trying to prevent a government shutdown, as his representative Vinny Spotleson reminded the audience, he and Senator Dean Heller both conveyed their support and appreciation of geothermal via video remarks at the opening plenary session of the GRC Annual Meeting and GEA Geothermal Energy Expo in Las Vegas.

European Union governments and the bloc’s executive arm are splitting over how to guarantee electricity supply as the region builds more renewable power.

Turbine rehabilitation at the 112 MW Ohakuri Hydro Power Station in New Zealand was owner Mighty River Power's most complex program of works of any it had previously performed.

The Lebanese military is commended for its commitment to peace in light of its vast security obligations, a UNIFIL official said Wednesday.

Pakistani farmers seem to be losing interest in growing wheat because the government has failed to increase wheat price supports enough, growers say.

The court in Innovate Logistics Ltd (in administration) v Sunberry Properties Ltd had to balance a landlord's wish to eject an unauthorised occupier against administrators' rights to deal with the company's assets during the administration. The ten...

MANSEHRA: Though Kaghan-Naran section of Mansehra-Naran-Jalkhad road has been reopened to traffic following the suspension of five consecutive months, the tourism activities in the valley are yet to be resumed.The road, which was blocked due to heavy snowfall in Kaghan valley in December 2019, was...

Il y a deux jours, la liste noire des...

Hairdressers have been forced to go underground as lockdown regulations stifle their livelihood and job security. For some, bootlegging has been 'life-saving'. ......

Book lovers can have their books delivered to their doorsteps, alongside their favourite takeaways. This development is as a result of the partnership between book-selling Exclusive Books and UberEats.