Monday, 13 October 2014

This week in security Week 40/41

Some issues/news this week:

CVE-2014-2044 Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
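The bypass works because the blacklist compares the raw string while NTFS resolves `.htaccess::$DATA` to the default data stream of `.htaccess`. The following is an added example, not ownCloud's code or the advisory's: it puts a flawed exact-match blacklist next to a check that first resolves the name to the file Windows would actually write. The blocked-name set and the helper names are assumptions made for this page. It also goes beyond the ADS case to two related Win32 name-canonicalisation quirks (trailing dots and spaces are dropped, lookups are case-insensitive), which defeat the same kind of check.

```python
import re

# Names that must never land in a web-served upload directory.
# Constructed for this example; ownCloud's real blacklist may differ.
BLOCKED_NAMES = {".htaccess", ".htpasswd", "web.config"}

# Characters Win32/NTFS refuse in a file name, plus control characters.
_WIN_INVALID = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def blacklist_allows(filename: str) -> bool:
    """Vulnerable pattern: exact-match blacklist on the raw name.

    '.htaccess::$DATA' is not in the set, so it passes, yet on NTFS a write to
    '.htaccess::$DATA' goes into the default data stream of '.htaccess'.
    """
    return filename.lower() not in BLOCKED_NAMES


def effective_target(filename: str) -> str:
    """Return the file a Windows write to `filename` would actually create.

    Three Win32/NTFS behaviours are modelled:
      * 'name:stream:$TYPE' addresses a stream of 'name' (ADS syntax);
      * trailing dots and spaces are silently dropped ('.htaccess.' -> '.htaccess');
      * lookups are case-insensitive, so the result is lower-cased.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path prefix
    name = name.split(":", 1)[0]                            # drop ADS suffix
    name = name.rstrip(". ")                                # Win32 strips trailing dots/spaces
    return name.lower()


def hardened_allows(filename: str) -> bool:
    """Reject names that are invalid on Windows (':' covers both ADS and
    drive-letter syntax), that collapse to nothing or a directory reference,
    or whose effective target is a blocked file."""
    if not filename or _WIN_INVALID.search(filename):
        return False
    target = effective_target(filename)
    if target in ("", ".", ".."):
        return False
    return target not in BLOCKED_NAMES


if __name__ == "__main__":
    for name in [".htaccess", ".htaccess::$DATA", ".HTACCESS.", "notes.txt", "notes.txt:hidden"]:
        print(f"{name!r:24} blacklist={blacklist_allows(name)!s:5} hardened={hardened_allows(name)}")
```

Note that the hardened check refuses `:` outright rather than relying on normalisation alone; `effective_target` is still worth computing so the blacklist is compared against the file that would actually be created, which is what catches `.HTACCESS.` even though it contains no forbidden character.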

How to Bypass Two-Factor Authentication (2FA) and What the Future Holds. If Two-Factor Authentication (2FA) Is Not Bulletproof, How Will We Authenticate? In the past couple of years we have repeatedly been reminded of the weakness of passwords as an authentication method. High-profile breaches with millions of leaked credentials, sophisticated desktop malware, advanced mobile malware, phishing scams and other attacks have shown time and again that a username and password combination cannot by itself provide adequate evidence of identity.

CVE-2014-1572 A critical zero-day vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software, used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information of the affected projects, including details of their unpublished vulnerabilities, to attackers.