The CERT gives system admins two important recommendations

June 20, 2017

The CERT Coordination Centre at Carnegie Mellon University has just recommended two important items for storage admins' to-do lists.

Item one: go get version 5.1 of Samsung Magician, stat. The application lets users manage the company's solid state disk drives by doing things like updating firmware, performing secure erasure or perusing SMART data.

The software is offered for Samsung's consumer and enterprise drives, but “checks for and retrieves various updates over HTTP” and then “uses HTTPS to perform update operations, however it does not validate SSL certificates.”

The CERT says that act of omission means “An attacker on the same network as, or who can otherwise affect network traffic from, a Samsung Magician user can cause the Magician update process to execute arbitrary code with system administrator privileges.”

Item two: find the Settings dialog for Acronis True Image, because the CERT says “versions through and including 2017 build 8053 performs various update operations over unprotected HTTP channels.”

Downloaded updates are therefore “not validated beyond verifying the server-provided MD5 hash.”

“The direct impact could be that an attacker on the same network as, or who can otherwise affect network traffic from, an Acronis True Image user could potentially cause the True Image update process to execute arbitrary code with system administrator privileges.”

The CERT recommends turning off True Image's auto-update features and manually downloading the updates with your browser. We'll keep you posted.
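
The two weaknesses quoted above, as an added Python sketch (not code from the CERT, Samsung or Acronis): a hash delivered over the same unprotected channel as the file proves nothing, and HTTPS only helps when the client validates the certificate. The payloads and the out-of-band SHA-256 digest are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import ssl


def channel_md5_ok(payload: bytes, advertised_md5: str) -> bool:
    # The check quoted for True Image: the hash arrives over the same
    # unprotected channel as the file, so whoever alters one can alter both.
    return hmac.compare_digest(hashlib.md5(payload).hexdigest(), advertised_md5)


def pinned_sha256_ok(payload: bytes, trusted_sha256: str) -> bool:
    # Compare against a digest obtained out of band (assumption: the admin
    # has one from a separately authenticated source).
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), trusted_sha256)


def strict_tls_context() -> ssl.SSLContext:
    # Default client context: certificate chain and hostname are both checked.
    return ssl.create_default_context()


def lax_tls_context() -> ssl.SSLContext:
    # HTTPS without certificate validation, the Magician behaviour quoted above.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validates_certificates(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def audit_modified_download() -> dict:
    genuine = b"constructed update image v2"       # constructed sample
    trusted = hashlib.sha256(genuine).hexdigest()  # stands in for the out-of-band digest
    # Constructed case: file and advertised MD5 were both replaced in transit.
    altered = b"constructed modified image"
    altered_md5 = hashlib.md5(altered).hexdigest()
    return {
        "channel_md5_accepts_altered": channel_md5_ok(altered, altered_md5),
        "pinned_sha256_accepts_altered": pinned_sha256_ok(altered, trusted),
        "pinned_sha256_accepts_genuine": pinned_sha256_ok(genuine, trusted),
    }


if __name__ == "__main__":
    print(audit_modified_download())
    print(validates_certificates(strict_tls_context()), validates_certificates(lax_tls_context()))
```

The same-channel MD5 check accepts the altered file, while the digest obtained separately rejects it; `validates_certificates` is the kind of assertion an update client's test suite can run against whatever TLS context it ships with.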

Source: The CERT.
