[ale] semi OT - misc security issues to think about - 07/12/12
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Thu Jul 12 16:11:33 EDT 2012
Hi all,
FWIW, here are some miscellaneous security items that you might want to
be aware of that I heard on the latest Security Now podcast. I haven't
had any chance to investigate any of these in detail.
* If you're a LastPass user, there is a setting in the options which
allows you to turn on iterative password hashing. This helps prevent
brute force attacks on your password. Recommended setting is 512 I
believe. Apparently, for some accounts, it is not turned on by default.
* If you're forced to use Windows, a vulnerability in Vista and Windows
7 sidebars and gadgets has been discovered which potentially allows an
attacker to do "remote code execution". In other words, they can take
over your machine. Microsoft has released a FixIt button on their
website to totally disable sidebars and gadgets.
* The following applies if you use the Plesk website management system.
This is a quote from the following website:
http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html
"The first issue is that old versions of Plesk store passwords in
*clear text* (yes, clear text in 2012). The second is a remote SQL
vulnerability that has been found in old versions of Plesk allowing
attackers to exploit those passwords."
As I understand it, even if your Plesk installation has been updated,
the passwords in the database are vulnerable until they are changed.
Sincerely,
Ron
--
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
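
The iterated hashing mentioned in the LastPass item above, as an added example that is not part of the original post and is not LastPass's code: it assumes PBKDF2-HMAC-SHA256 (the post does not name the algorithm) and writes the loop out by hand to show that every password guess costs one HMAC call per iteration. The salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """Return (derived_key, hmac_calls); the loop is spelled out to expose the cost."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    out = b""
    calls = 0
    block = 1
    while len(out) < dklen:
        # U1 = HMAC(password, salt || 32-bit big-endian block index)
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha256).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        # U2..Un: each round feeds the previous output back in and XORs it
        # into the running block, so the rounds cannot be skipped.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen], calls


def verify(candidate: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Re-derive with the same salt and iteration count, compare in constant time."""
    key, _ = pbkdf2_sha256(candidate, salt, iterations, len(stored))
    return hmac.compare_digest(key, stored)


# Constructed sample values, not taken from any real account.
SALT = b"user@example.com"
PASSWORD = b"correct horse battery staple"

if __name__ == "__main__":
    for n in (1, 512):
        key, calls = pbkdf2_sha256(PASSWORD, SALT, n)
        # An offline guesser pays `calls` HMAC operations for every candidate.
        print(f"iterations={n:4d} hmac_calls_per_guess={calls:4d} key={key.hex()[:16]}...")
```

The iteration count has to be stored alongside the salt, since changing it changes the derived key and the old value no longer verifies.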