A significant Linux vulnerability that allows remote code execution on Linux servers was announced late yesterday, named GHOST: CVE-2015-023. Full details of the vulnerability are available at www.openwall.com/lists/oss-security/2015/01/27/9. Although the issue was fixed as early as Mar 21, 2013, it was not marked as a security threat, and as a result the patch was not backported to most of the stable and long-term-support distributions such as RHEL, CentOS and Ubuntu 12.04, which left them vulnerable.
Updates for CentOS are already available in the Updates repository so a simple "yum update" will install the required patches to mitigate this vulnerability.
Andrew Pruski is an SQL Server DBA currently working for Ding in Dublin, Ireland. He’s previously worked for Occam-DM Ltd and the United Kingdom Hydrographic Office in England. He’s benefitted immensely from the online DBA community, and his blog is an attempt to give something in return.
Aside from the SQL Server, he’s keen on running and playing rugby. He can also play the guitar (badly, but it doesn’t stop him).
facebook.com went down for about 15 minutes between 4:00 and 4:15 AM EST. Users trying to connect to the site were seeing an error message "Sorry, something went wrong". The issue has been confirmed by multiple locations around the world and as far as we can tell all Facebook users were affected.
A major vulnerability in OpenSSL software was announced late yesterday, impacting all servers that have the Heartbeat TLS extension enabled with the OpenSSL versions stated above.
The "heartbleed" vulnerability has already been recorded as CVE-2014-0160. Further details can be found at heartbleed.com and www.openssl.org/news/secadv_20140407.txt.
The bug has already scared a lot of system administrators and site owners, and what we have done at WebSitePulse is release a test for this vulnerability.
So, if you want to check whether your secure server is affected or not, please visit: www.websitepulse.com/heartbeat.php
There are several reports that can quickly provide you with information related to the latest events of your targets.
Two of the modules of your account dashboard provide information only on a limited number of events.