I have talked about ApacheKiller flaw in detail here with possible workaround to mitigate this flaw.
Last week, a DDoS mitigation service vendor Arbor Networks revealed a detailed report can be download from here which say,
Once again Linux.com, Linuxfoundation.org and sub-domains have been taken offline for a possible security breach that is discovered on 8th September, 2011.
News bulletin from Linux.com says in the best interest of Linux community and security precautions we have taken all domains offline. Initial analysis shows this breach is connected to intrusion on kernel.org
Recommendations for the Linux.com users :
Change your password, if you are using the same password on other sites.
Services affected :
Note : Kernel repositories are not affected. It is safe.
We will update you further, as soon we have further announcements from Linux.com
Apache have released Patch for the recent range bytes request flaw which we published few days ago. This patch fix the Security flaw and
Change Log :
SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
You can download latest stable release here
If you are running CEntOS, you can update it in this way;
Check update using Yum Utility
yum check-update httpd
yum update httpd
If don’t want to update it, you can see this post for mitigation techniques.
Today i was reading interesting post by Zone-h.org Which says 1.5 million websites were defaced and reported on Zong-h. Most of the attacks were SQL Injections, LFI, RFI, Web Dav and misconfiguration of the web server or application itself.
The report further says, large number of attacks happened on Linux Operating System. We talk too much about Linux kernel but the first thing is code which need to be written in efficient way.
Some interesting numbers in chart is mentioned on this page too, Up to date stats
MySQL.com was compromised via amazing blind SQL injection. You can see the database, tables & users informations on full disclosure website.
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 22.214.171.124
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web
The worse is they posted passwords dump and hundreds of people have already cracked it. We recommend you to change your password on urgent basis as it is the normal bad practice people use same password for all online portals e.g web mail, paypal and so on.
The good or bad guy who had fun with it is ;
[+] Author: Jackh4xor @ w4ck1ng [+] Site: http://www.jackh4xor.com