Security Leftovers
-
Security updates for Wednesday
-
Customer security awareness: alerting you to vulnerabilities that are of real risk
-
Cisco's WikiLeaks Security Vulnerability Exposure: 10 Things Partners Need To Know
Cisco's security team has discovered that hundreds of its networking devices contain a vulnerability that could allow attackers to remotely executive malicious code and take control of the affected device.
"We are committed to responsible disclosure, protecting our customers, and building the strongest security architecture and products that are designed through our Trustworthy Systems initiatives," said a Cisco spokesperson in an email to CRN regarding the vulnerability.
Some channel partners of the San Jose, Calif.-based networking giant are already advising customers on how to bypass the critical security flaw. Here are 10 important items that Cisco channel partners should know about the security vulnerability.
-
Linux had a killer flaw for 11 years and no one noticed
One of the key advantages of Open sauce software is that it is supposed to be easier to spot and fix software flaws, however Linux has had a local privilege escalation flaw for 11 years and no-one has noticed.
The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.
-
6 Hot Internet of Things (IoT) Security Technologies
-
Microsoft Losing Its Edge
However, despite these improvements in code cleanness and security technologies, it hasn’t quite proven itself when faced with experienced hackers at contests such as Pwn2Own. At last year’s edition of Pwn2Own, Edge proved to be a little better than Internet Explorer and Safari, but it still ended up getting hacked twice, while Chrome was only partially hacked once.
Things seem to have gotten worse, rather than better, for Edge. At this year’s Pwn2Own, Microsoft’s browser was hacked no less than five times.
-
Microsoft loses the Edge at hacking contest
And for every hack perpetrated against Edge, there was a corresponding attack against the Windows 10 kernel, indicating that it has a way to go in terms of security, according to Tom's Hardware.
-
Wikileaks: Apple, Microsoft and Google must fix CIA exploits within 90 days
The 90-day deadline is the same that Google's own Project Zero security group provides to companies when it uncovers flaws in their software. If a company has failed to patch its software accordingly, Project Zero publishes details of the flaw whether the vendor likes it or not.
-
NTPsec Project announces 0.9.7
-
