Tag Archive: security

PSA: glibc buffer overflow (nss_hostname_digits_dots)


Via https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Update ALL THE THINGS! Again. Once, you know, a patch is available.

PSA: Google Security Notifications

This should be of interest to many of you.

Google Security Notifications

Everyone who uses a Google account (Gmail, YouTube, Google Reader, Picasa, Blogspot, etc.) should probably enable this. Better safe than sorry, etc.

Via Google Operating System.

PSA: Dropbox & Two-Factor Authentication

Since I jump between computers (or, more accurately, computing devices) a good bit, I am a huge fan of Dropbox. (For the purposes of this post, I’m going to assume that y’all know what Dropbox is, and won’t go into a big long explanation. The short version is: It’s file storage in The Cloud™, accessible from any number of computers, phones, tablets, and probably secret decoder rings that you got in your breakfast cereal.) If you’re like me, you probably have a reasonable amount of paranoia about putting your Stuff out where other people could conceivably get to it, and it makes you somewhat twitchy. You’ve turned on all of the “email me when a new device (app, secret decoder ring) is linked to my account” settings, but still wonder if you could be doing more.