Security and FUD Leftovers (2020-08-17)
Security updates for Tuesday
Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1, and software-properties).
Firewall configuration recommendations for IPFire users
After taking a closer look at how to achieve better DNS settings in terms of privacy, this post elaborates on the necessary steps for a secure configuration of IPFire's firewall engine.
Depending on how volatile and predictable your network is, the following steps might cause interruptions or break some clients altogether - if they are using hard-coded DNS resolvers, for example -, so it might be a good idea to apply them within a maintenance window. Make sure you can access the wiki at any time in order to know what to do if something was misconfigured by accident.
Freetz Alternative Firmware for Older FritzBoxes
JavaScript can compromise the user’s network devices!
Pretty evil are devices/routers with security problems that can be exploited from JavaScript. So basically, opening a webpage with a browser that has JavaScript enabled (which most browsers have) might scan the user’s network for vulnerable devices and then try to conquer/own those devices, resulting in all kinds of trouble for the user or other users in the form of DDoS attacks that this router then might participate in.
10,000+ WordPress Sites At Risk Due To Stored XSS Vulnerability
A WordPress plugin with over 10,000 installations contains a critical unpatched vulnerability. The vulnerability was discovered by Melbin Mathew yesterday and it deserves the attention of those who have installed this plugin on their WordPress sites.
The plugin has an XSS (Cross-site Scripting) vulnerability that can easily be exploited by a hacker. Here is how it works.
Some email clients are vulnerable to attacks via 'mailto' links [Ed: The latest FUD from ZDNet wants us to think that Free software is dangerous for E-mail because people can be tricked; it's a social engineering problem, not a security problem.]
A lesser-known technology known as "mailto" links can be abused to launch attacks on the users of email desktop clients.
The new attacks can be used to secretly steal local files and have them emailed as attachments to attackers, according to a research paper published last week by academics from two German universities.
