How To Patch Linux Servers Against the Glibc GHOST Vulnerability # CVE-2015-0235

What is the vulnerability? During a code audit Qualys researchers discovered a heap-based buffer overflow in Glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() Glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of… Continue reading How To Patch Linux Servers Against the Glibc GHOST Vulnerability # CVE-2015-0235

Mageia 5 beta 2 is out

After several delays, the beta 2 version of Mageia 5 is finally out. Stable release of Mageia 5 release postponed to March. Mageia team updated in their blog post that the delay is due to difficulties with EFI boot, grub 2 and unavailability of EFI-based machines for QA team to test new EFI boot. Mageia… Continue reading Mageia 5 beta 2 is out

Encrypt and password protect files using vim

VIM is a great text editor with innumerable number of features and options. In this article I am going to discuss a security feature of VIM using that we can encrypt files we are editing in VIM, making it impossible for other users to read even with root access. Create new encrypted file. To create,… Continue reading Encrypt and password protect files using vim

Device to log keystrocks from Microsoft wireless keyboard

Device called KeySweeper, which is developed using Arduino board and camouflaged as a functioning USB wall charger, can wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity. As per its developer SamyKamkar : All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames… Continue reading Device to log keystrocks from Microsoft wireless keyboard