Bash bug allows code injection attack

This is interesting. A recently discovered bug [http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/] in the bash shell (which is common on a lot of *nix systems) allows code injection via specially crafted environment variables. As in the linked articles, you can test if your version of Bash is vulnerable by running something like: $ env… Read more

Credential Dump: 5 Million Google accounts

This [http://www.inforisktoday.co.uk/5-million-google-passwords-leaked-a-7299] is interesting, supposedly 5,000,000 Google usernames and passwords have been posted on a Russian bitcoin forum, however the list seems to have come not from a compromise of Google’s systems, but a large database collected from Malware, Phishing, etc. Google has posted a response [http:… Read more

Interesting paper on Mac OS security

I read a a rather interesting paper last night: Inside Mac Security by Ben Knowles. Many people view OS X as a ‘black box’ with a shiny GUI (Which, lets be honest, is one of its key selling points), the paper gives an overview of some of the key security features Apple have bundled into… Read more