A security issue and vulnerability have been reported in MySQL, which can be exploited by malicious people to bypass certain security restrictions.
It is possible to execute a one-liner bash command to exploit the vulnerability:
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Recommended steps include the following:
a) Secure MySQL so that it’s not exposed to the network at large in the first place. Most Linux distributions bind the MySQL daemon to localhost, preventing remote access to the service.
In cases where network access must be provided, MySQL also provides host-based access controls. For the few use cases where the MySQL daemon must be intentionally exposed to the wider network without any form of host-based access control.
To restrict access to the local system, edit my.cnf: find the section labelled [mysqld] and set (or add a line setting) the bind-address parameter to 127.0.0.1. Restart the MySQL service to apply this setting.
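As an added illustration of step (a), not part of the original post, the following POSIX shell script reads a my.cnf-style option file and reports whether the [mysqld] section pins bind-address to the loopback interface. It assumes only the single file given is inspected (no !include or !includedir expansion) and that an absent bind-address means the server default of that era, which listened on all interfaces; the sample option file it checks is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a my.cnf-style
# option file restricts mysqld to the loopback interface.
# Assumptions: only the [mysqld] section of the given file is inspected
# (no !include/!includedir expansion), and an absent bind-address is treated
# as the server default of the time, i.e. listening on all interfaces.

# Print the bind-address value found in the [mysqld] section, or "(unset)".
mysql_bind_address() {
    awk '
        # A section header switches the in_mysqld flag on or off.
        /^[ \t]*\[/ {
            in_mysqld = ($0 ~ /^[ \t]*\[mysqld][ \t]*$/)
            next
        }
        # Inside [mysqld], capture the last bind-address assignment seen.
        in_mysqld && /^[ \t]*bind-address[ \t]*=/ {
            sub(/^[ \t]*bind-address[ \t]*=[ \t]*/, "")
            sub(/[ \t]*#.*$/, "")      # drop a trailing comment
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            value = $0
        }
        END { print (value == "" ? "(unset)" : value) }
    ' "$1"
}

# Exit status 0 when mysqld is bound to loopback only, 1 when it is reachable
# from the network (explicit wildcard, a routable address, or no setting).
mysql_is_local_only() {
    case "$(mysql_bind_address "$1")" in
        127.0.0.1|localhost|::1) return 0 ;;
        *)                       return 1 ;;
    esac
}

# Demonstration on a constructed option file (not a real server's config).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
[client]
port = 3306

[mysqld]
user = mysql
bind-address = 0.0.0.0   # exposed on every interface
EOF
printf 'bind-address: %s\n' "$(mysql_bind_address "$demo_cfg")"
if mysql_is_local_only "$demo_cfg"; then
    echo "OK: mysqld restricted to localhost"
else
    echo "WARNING: mysqld reachable from the network; set bind-address = 127.0.0.1 under [mysqld]"
fi
rm -f "$demo_cfg"
```

Run it against /etc/mysql/my.cnf (or wherever the distribution keeps the option file) after the edit described above; a result of "(unset)" is reported as exposed on purpose, because silence in the option file does not mean the daemon is confined to localhost.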
b) The next step would be to upgrade to a stable, non-vulnerable update, as per vendor recommendation.
The following distros have been confirmed vulnerable:
- Ubuntu Linux 64-bit (10.04, 10.10, 11.04, 11.10, 12.04)
- OpenSuSE 12.1 64-bit MySQL 5.5.23-log
- Debian Unstable 64-bit 5.5.23-2
- Fedora (confirmed by Red Hat )
- Arch Linux
Yet another great article by Lifehacker.
Here’s how to set it up if you aren’t currently using a passcode:
- Unlock your iPhone and open Settings > General > Passcode Lock.
- Toggle Simple Passcode to Off.
- Tap Turn Passcode On (assuming you don’t already have it turned on) and enter your new passcode using only numbers. You’ll see the standard alphanumeric keyboard during your initial passcode creation and confirmation, but don’t worry—if you stick with numbers, you’ll get the numeric keyboard later.
Cyber-Ark Software has recently launched a new product, the Inter-Business Vault (IBV), as a cloud service that enables cloud users to secure their sensitive and confidential files during transfer.
Twitter lists are great for organizing your favorite follows into one column or page. However, manually curating lists can be a laborious task. A couple of weeks ago I got to know about Formulists, a web-app for auto-creating and managing Twitter lists and exploring new people in various ways.
To get your security list done, link your Twitter account to Formulists to group your favorite security-tweeps into a group.
To create a generic list of security tweeps:
Tweep Search List Options: Don't Exclude People
Basic Options: 40 to 50 - This is more of a personal option
Profile Filter Options:
Bio: Infosec OR security OR hacker
Filter by when they last tweeted: Last 30 days
Filter by following and followers: More than 50 followers
Now, if you would like to add a list of people who you’re not following yet, do this quick-fix:
Tweep Search List Options: Exclude people I already follow from list
This should give you a good starting feed with a bunch of interesting and informative security tweets.
You can follow my personal security list here.
Follow us on @securopia and @gigadeleo.
Happy tweeting 🙂
We all know that hacking is a 24/7 business, and as much as we good people enjoy keeping our workplaces and homes safe from wrongdoers, most of us cannot afford to watch out for attacks around the clock. This is especially true today, when security keeps broadening to encompass new and old practices alike.
A simple and long-established security model is the CIA triad, standing for Confidentiality, Integrity and Availability: three key principles that any secure system must guarantee. As security has matured, however, it has become clear that Authenticity and Non-Repudiation are also essential parts of a secure system. These newer principles apply across the whole subject of security analysis, from access to a user’s Internet history to the protection of encrypted data in transit across the Internet. A breach of any of these five pillars means serious consequences for the parties concerned.
What follows is an in-depth analysis of the pillars of the CIAAN model: