Varanoid.com

VU#845332: OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities

Vulnerability Note VU#845332

Original Release date: 03 Sep 2015 | Last revised: 03 Sep 2015

Overview

Studio for OrientDB Server Community Edition prior to version 2.1.1 contains several vulnerabilities.

Description

CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2015-2912

The Studio web interface to OrientDB contains a CSRF vulnerability

VU#630872: Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities

Vulnerability Note VU#630872

Original Release date: 03 Sep 2015 | Last revised: 03 Sep 2015

Overview

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF).

Description

CWE-255: Credentials Management – CVE-2015-5994

Medialink MWN-WAPR300N by default uses the common admin:admin credentials for the web management interface and uses medialink:password for the wireless network. An attacker within range of a wireless network using default settings can connect and gain privileged access to the web management interface

"The Declining Half-Life of Secrets"

Several times I’ve mentioned Peter Swire’s concept of “the declining half-life of secrets.” He’s finally written it up:

The nature of secrets is changing. Secrets that would once have survived the 25 or 50 year test of time are more and more prone to leaks. The declining half-life of secrets has implications for the intelligence community and other secretive agencies, as they must now wrestle with new challenges posed by the transformative power of information technology innovation as well as the changing methods and targets of intelligence collection

OPM (Mis)Spends $133M on Credit Monitoring

The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.

Not long after news broke that Chinese hackers had stolen SSNs and far more sensitive data on 4.2 million individuals — including background investigations, fingerprint data, addresses, medical and mental-health history, and financial history — OPM announced it had awarded a contract worth more than $20 million to Austin, Texas-based identity protection firm CSID to provide 18 months of protection for those affected.