Brief security news of February (2014)
In this new series of articles I will collect brief and interesting news items every month, so that we stay up to date and are forewarned about potential dangers that may compromise the security of our systems or even our web pages.
Biggest brute force attack on WordPress blogs
As the title says, the biggest brute force attack in history has been carried out on WordPress installations in recent days. A similar attack already took place in April of last year, and in that article we mentioned some options that help us protect ourselves against these attacks. The most basic security measure against these attacks is to have a password complex enough that it cannot be easily guessed.
Critical security flaw in several Adobe products
A few days ago we commented on the security flaw in Adobe Flash Player and the steps to update and thus secure our system. Well, a few hours ago another patch was announced for another Adobe product, in this case Adobe Shockwave Player. The security flaw is rated as critical, so it is recommended to update Shockwave Player as soon as possible (if you have it installed). You can get the latest version from this link: http://get.adobe.com/shockwave/
Critical security updates for Windows
Yesterday, February 11, 2014, Microsoft released a package of seven updates, three of which are classified as critical. These updates solve a whopping 32 security problems in the Windows operating system, and the update for Internet Explorer also solves no less than 24 vulnerabilities. I already knew that using Windows was not safe, and I have not used Internet Explorer for years, but after seeing these numbers it does not surprise me that Windows is the main target of malware, viruses and other malicious programs. In short, it is time to update as soon as possible!
Several bugs in the OAuth authentication protocol allow session theft on GitHub
Russian security researcher Egor Homakov has published a series of minor security flaws in the OAuth protocol used by GitHub. The problem is that these small bugs, combined with each other, make it possible to steal GitHub sessions, which is a more serious problem. GitHub has paid Egor Homakov $4,000 for reporting these security flaws.
Large number of outdated Apache servers worldwide
Netcraft states in a study that many Apache servers are outdated and running versions with security flaws. This news does not surprise me: you just have to look at the versions available in the official repositories of some Linux distributions to realize that in 99% of the cases the latest stable versions of Apache are not available. This is something I have never understood.