Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday. The problem would have let attackers ‘rename Wi-Fi network names and passwords, temporarily locking users out’ of their home networks, ZDNet wrote.… Read More
RedHat DHCP remote root execution vulnerability A command injection bug in Red Hat’s DHCP client could allow an attacker to run any command on your computer. As root. RedHat Linux, together with its stablemates Fedora and CentOS, just patched a serious security bug. RedHat-based Linux distros include a dhclient script as part of their NetworkManager package – until the latest NetworkManager… Read More
Commonwealth Bank of Australia Tries to Explain Coding Errors Found After 4 Years The coding errors were created in July 2011 when the bank introduced an automated decision tool to process customer overdraft applications, but the problems weren’t discovered until September 2015. During the calculations that decided whether a customer could actually afford an overdraft, one software error in the decision tool’s algorithm failed to count a customer’s… Read More
Single Sign-On authentication – the bug that lets you logon as someone else Duo found that buggy SAML libraries would read the NameID string in various ways, sometimes as user@example.com (treating the comment as a terminator for the data field), and sometimes as user@example.com.test (simply treating the comment as it it were not there at all). Source: sophos… Read More