News for Admins
Tech News
Bugzilla Bug
The Bugzilla bug database system has a flaw that could allow an attacker to access the database and read about potential exploits before the patch is released to the public. The problem affects Bugzilla implementations that use email-based permissions. Login names longer than 127 characters are "silently truncated in MySQL," which could allow an attacker to assign permissions to an email address that is different from the address originally requested. The fix for this bug is included in the Bugzilla 4.2.15, 4.4.10, and 5.0.1 releases. All Bugzilla users are encouraged to upgrade.
RC4 Finally Gets the Fork
After years of complaints about ineffective encryption, the RC4 algorithm, which has been around since 1987, is finally being phased out. Artfully coordinated announcements from Google, Mozilla, and Microsoft state that they are officially abandoning RC4 and won't support it in future browser versions. New versions of Firefox, Chrome, and the Microsoft browsers will not support RC4 after the end of this year. Of course, the leading browser vendors have known that RC4 is inadequate for years, but the browsers have supported a "fallback mode" for websites that demand RC4 encryption. In future versions, the browsers simply won't connect to websites that ask for RC4 encryption.
This unified action from three leading browser vendors should increase the pressure on web server
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
News for Admins
Attacks on AI Bluetooth and Intel processors, vulnerability in Oracle Identity Manager, and containerizing OpenStack.
-
News for Admins
One Spectre/Meltdown Flaw for Every Day of the Week, Bleedingbit: Two New Bluetooth Vulnerabilities, Intel Chips Smashed by PortSmash, Oracle Goes Cloud Native
-
News for Admins
News for system administrators around the world. - Millions of Intel Processors Are Vulnerable to Attack
- Intel Launches a New Generation of Processors