
Security News, Puppy Linux


We don't want to alarm you, but PostScript makes your printer an attack vector

Take your printers off the Internet: a bunch of researchers from a German university have found a cross-site printing bug in the ancient PostScript language.

If PostScript is the printer driver, the printer is vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers. The bugs range from attackers exfiltrating copies of what's sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets. The work from the University Alliance Ruhr landed on Full Disclosure (with five vendor-specific follow-ups), and as they note: “This vulnerability has presumably been present in every PostScript printer [for] 32 years as solely legitimate PostScript language constructs are abused.”

As they note in the GitHub repo hosting their proof-of-concept code, it "makes dumpster diving obsolete". Linux, *BSD and Mac OS users note: the bug's also exploitable via the popular Common Unix Printing System, CUPS.

Postscript security bug in CUPS.

Whizzbang - definition of whizzbang by The Free Dictionary

The show revels in the fantastical, imaginative use of whizzbang technology in a competitive, funny and spectacular environment.

Peter Pan will also feature mind-blowing special effects by Whizzbang 3D Productions, which will take audiences from the comfort of their seats to the depths of the ocean in a spectacular underwater 3D sequence. Kingswinford-based Jubilee Fireworks has taken top spot in Montreal's L'International des Feux - Loto Quebec: quite a mouthful, but, basically, the whizzbang world cup. Yes, even Edge: Microsoft's supposedly whizzbang super-secure web browser. Ghillie Dhu and the Dhon'ts, self-described "purveyors of Whizzbang Celtcore music," will play a St. Almost inevitably, a whizzbang start to yesterday's trading was dominated by yet another Galileo filly reaching a blockbuster price when Nicolas de Watrigant of Mandore International outbid Hugo Lascelles at 700,000gns for a filly out of the Listed-placed Arkadina.

OpenSSL to Patch High Severity Vulnerability

The OpenSSL Project announced on Monday that it will soon release updates that patch several vulnerabilities, including one rated as having “high” severity.

OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u will be released on Thursday, September 22, at around 8:00 UTC. There are only a few details about the upcoming versions, but the OpenSSL Project said one of the issues has high severity, one has moderate severity, while the rest have low impact. High severity flaws are less likely to be exploitable compared to critical vulnerabilities. OpenSSL developers typically try to address these bugs within a month after learning of their existence. The OpenSSL Project has once again reminded users that support for version 1.0.1 will end on December 31. Three rounds of security updates have been released so far this year, patching a total of 16 vulnerabilities.

“High” severity openssl patches just released

...jeez, they are already cracking 1.1.0 openssl branch??

That was just released in August! Remember, 1.0.1 branch support stops the end of this December. More than quite a few pups in Ally's repositories are affected....wonder how many users actually know about this or will ever know until it is....??? I sometimes think, Flash, the Murga-site needs some kind of popup or colored red-heading warning for the casual user (of the many puppies) who only sporadically drop by. These people may never know (until it is too late) that they may already have been pwned using a not critically updated puppy OS. Some day, I am afraid, this is all going to come back and bite puppy land overall. Still, openssl is serious, despite what some here on murga think they know about how attacks to it operate.......those attacks, continually evolving, are the number one vector hackers use to go after any online financial online info moving around.....

09/30/2016.