Drupal Releases Security Updates

Original release date: March 19, 2015

Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account.

Available updates include:

*         Drupal core 6.35 for 6.x users

*         Drupal core 7.35 for 7.x users

US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Clinton’s e-mail hosted on Exchange 2010 server now, not in Chappaqua

There's been a lot of controversy over how Hillary Clinton apparently used a mail server running in her Chappaqua, New York, home when she started her tenure as secretary of state. But if you want to know what she's using now, all you have to do is point your browser at it—you'll get a login page for Outlook Web access from a Microsoft Exchange 2010 server. And so will anyone who wants to brute-force guess her e-mail password or simply take the server down with a denial-of-service attack. (This is not a suggestion that you should.)

Clinton has probably changed her e-mail address since the scandal began—particularly since the hdr22 account she used has been widely published and has likely become a magnet for all sorts of unwanted messages. And the hosted Exchange server is certainly an upgrade from her original server configuration—Until October of 2010, based on historic DNS records viewed by Ars, Clinton's e-mail server was in fact at a static IP address provided by Optimum, a Cablevision subsidiary, that corresponded to the Clintons' Chappaqua address. The domain was registered on January 13, 2009, just days before Clinton's confirmation as secretary of state—but it did not gain a certificate for secure client connections until March. The current certificate for clintonemail.com was issued by GoDaddy in 2013 just as the original certificate was about to expire.

At some point shortly after the home server was dropped in 2010, the mail exchange record for clintonemail.com was moved to a hosted Exchange server running out of a data center in Huntsville, Alabama. The server uses McAfee's MXLogic e-mail filtering service to screen for malware and spam (though it's not certain when the service was added).

Read 2 remaining paragraphs | Comments

OpenSSL Patches Multiple Vulnerabilities

Original release date: March 19, 2015

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a cause a Denial of Service attack against the server.

Updates available include:

  • OpenSSL 1.0.2a for 1.0.2 users
  • OpenSSL 1.0.1m for 1.0.1 users
  • OpenSSL 1.0.0r for 1.0.0 users
  • OpenSSL 0.9.8zf for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.