57 articles

A legacy bug in a legacy code: today’s problem

Microsoft has patched yet another bug in OLE, this time one that’s 19-years-old. While it is extremely surprising this bug hadn’t been discovered earlier, the crucial question here is the use of the underreviewed legacy code that developers have to drag along for decades.

How a Linux bug may affect Virtual infrastructure

Linux bugs may affect or directly threaten entire virtualization infrastructures: Whatever OS is used on VMs, an attack on a hypervisor is possible from both the outside and inside, and exploitation of the dreaded Shellshock vulnerability on Linux-based hypervisors is a possibility, too.

Pikes in the lake: new bugs to keep us awake

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

How a Linux bug may affect Windows-based infrastructure

The recent developments with “big bugs” such as Heartbleed and Shellshock created a global security strain, with many questions emerging. Both bugs were open-source software-related, but indirectly they would constitute a threat to Windows-based infrastructure. In this post we review a few scenarios of an attack on mostly Windows-based network with Linux servers at certain points.

When the Bug Bashes you

A new nasty bug discovered in Bourne again shell set the infosec on fire, Heartbleed-style. Is it as dangerous as the notorious OpenSSL flaw? It depends…