OpenSSL Patches Eight Vulnerabilities

Original release date: January 08, 2015

OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.
The following updates are available: 

  • OpenSSL 1.0.1k for 1.0.1 users
  • OpenSSL 1.0.0p for 1.0.0 users
  • OpenSSL 0.9.8zd for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Got an Asus router? Someone on your network can probably hack it

If you're running an Asus wireless router, chances are good that someone inside your network can take full administrative control of it thanks to a currently unpatched vulnerability in virtually all versions of the firmware, a security researcher said.

While the vulnerability isn't as serious as those that allow hackers on the Internet at large to compromise the devices, it's nonetheless concerning. People with administrative control can reroute everyone connected to malicious websites and possibly install alternate or even malicious firmware updates.

"I trust people that join my network to some degree, but I don't want them to be able to reconfigure the router," Joshua Drake, research director at Accuvant and the person who brought the vulnerability to light Thursday, told Ars. "I can't prevent them without this getting fixed (short of the workaround)."

Read 4 remaining paragraphs | Comments

8chan, related sites go down in Lizard Squad-powered DDoS

On Thursday, the recent Lizard Squad tour of Internet infamy continued as the hacking group took credit for a distributed denial of service (DDoS) attack against the imageboard site 8chan. As of publication, is still inaccessible throughout the United States. Japanese sibling site, which also suffered an outage, was restored once 8chan's servers were "separated from the rest of the network," according to 8chan founder Fredrick Brennan's Twitter account.

In claiming credit for the attack, Lizard Squad pointed to its own recently launched service known as Lizard Stresser, which allows third parties to essentially hire Lizard Squad to DDoS the website of their choice. Users can pay anywhere from $6 to $500 to access the attack service, which then offers attack bursts that can last as long as 500 minutes concurrently.

Investigative reporter Brian Krebs recently profiled Lizard Squad in a story headlined Lizard Kids: A Long Trail of Fail. He said the group's Stresser service was lifted in its entirety from another more established DDoS-for-hire site. He also found Lizard Squad inadvertently exposed information about all 1,700 of its registered users.

Read 8 remaining paragraphs | Comments

ATM Hacked Using Samsung Galaxy S4 & USB Port

A pretty interesting black box daughter board attack on ATM via USB, the crowd cry ATM Hacked! Yah it was, and it was triggered using a mobile phone to actually activate the attack, showing it’s fairly complex and also abstracting the actual attacker from being physically there. The guy carrying the black box can’t actually [...] The...

Read the full post at