Shellshock: Very Serious Vulnerability

The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.

The bug called Shellshock, can be used to take control of almost any system remotely using Bash (Bourne-Again Shell, a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.).

500,000 machines worldwide are thought to be vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines. 

 

US Cert issued an advisory here: https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

You can check to see if your system is vulnerable here: https://shellshocker.net/

Viber Contests Ability of Iran to Tap Communications

In September Iran newspaper Khabaronline claimed that Viber conversations can be monitored by Iranian government agencies. 

 

In the piece entitled “Are Viber and WhatsApp really monitored easily?” the paper quoted a “computer expert” named Mani Haghshenas who stated: “It is possible for users to use Internet networks that shut down certain security protocols and disallow Viber to encrypt messages, and, ultimately, a network such as Viber would prefer to switch to a normal message transmission mode, in order to avoid permanent nonoperation of its application for some of its users. The country’s filtering systems may sometimes block and disable the security and communication protection capabilities of an application, and in order to continue its operation, such applications may automatically have to provide their services to their users without encryption, and such circumstances would assist the governments to control and tap communications.” 

 

A Viber Company representative refuted these claims and told the International Campaign for Human Rights in Iran that the application communications are encrypted and as such it is not possible for third parties to monitor messages. “All text messages sent through Viber on its supported platforms are encrypted. Media messages, such as photos and videos, are encrypted on Viber for iOS, Viber for Android, Viber for Windows 8 and Viber for Windows Phone 8.”

5 Million Gmail Account Usernames & Passwords Hacked

Nearly 5 million usernames and passwords associated with Gmail accounts have been leaked on a Russian Bitcoin forum. The database contains 4.93 million Google accounts belonging to English, Russian and Spanish speaking users.

The list has since been taken down, and there is no evidence that Gmail itself was hacked, just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so it is likely they were leaked long ago, though others claim that 60% of the passwords are still valid.

You should change your passwords now and ideally use 2-factor authentication for extra protection.

Iran Faces 8 Million Cyber Attacks Per Day

Mahdi Karimi, the deputy-director of Ertebatat Zirsakht Communications Company stated in the company's inauguration speech, that “about 7 to 8 million cyber attacks target Iran’s communication infrastructure daily, which are mostly anonymous, and target the financial and industry sectors as well as more sensitive networks.” Karimi added: “The data network security operations center uses its security capabilities to detect and neutralize threats be they from home or abroad.”

Karimi also noted that the center will collect information on security threats, save data, analyze and respond to cyber attacks as part of its function.