Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

Information Commissioner Calls for Regulation of Social Media Following Cambridge Analytica scandal

2018-11-06/0 Comments/in General Security/by Kellep Charles

Information commissioner calls for regulation of social media following Cambridge Analytica scandal

Ruby2.3 Security Update – CVE-2018-16395 CVE-2018-16396

2018-11-06/0 Comments/in Vulnerability & Threat Report/by Kellep Charles

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

Information Commissioner Calls for Regulation of Social Media Following Cambridge Analytica scandal

2018-11-06/0 Comments/in General Security/by Kellep Charles

Information commissioner calls for regulation of social media following Cambridge Analytica scandal

Ruby2.3 Security Update – CVE-2018-16395 CVE-2018-16396

2018-11-06/0 Comments/in Vulnerability & Threat Report/by Kellep Charles

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

Full Sized Blog Element (Big Preview Pic)

Information Commissioner Calls for Regulation of Social Media Following Cambridge Analytica scandal

2018-11-06/0 Comments/in General Security/by Kellep Charles

An interesting article by Tom Reeve on scmagazineuk.com:

The Information Commissioner Elizabeth Denham has published a report into the the use of data analytics for political purposes at the same time as appearing before the Parliamentary DCMS committee today.

Appearing alongside her deputy commissioner James Dipple-Johnstone, Denham was testifying on “Disinformation and ‘fake news'” before the Digital, Culture, Media and Sport Committee (DCMS), chaired by the MP Damian Collins.

The report into data analytics and political campaigning, which runs to 113 pages, is the culmination of “the largest investigation of its type by any Data Protection Authority,” the report says. It involved social media platforms, data brokers, analytics firms, academic institutions, political parties and campaign groups.

The report is a summary of its findings – more details will emerge in any regulatory notices which are issued by the Information Commissioner’s Office (ICO).

Read the rest here.

Ruby2.3 Security Update – CVE-2018-16395 CVE-2018-16396

2018-11-06/0 Comments/in Vulnerability & Threat Report/by Kellep Charles

Security fix in Ruby on Rails

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2018-16395

Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

CVE-2018-16396

Chris Seaton discovered that tainted flags are not propagated in Array#pack and String#unpack with some directives.

For the stable distribution (stretch), these problems have been fixed inversion 2.3.3-1+deb9u4.

We recommend that you upgrade your ruby2.3 packages.

For the detailed security status of ruby2.3 please refer to its security tracker page at:https://security-tracker.debian.org/tracker/ruby2.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/