• chevron_right

      Critical vulnerabilities in Exim threaten over 250k email servers worldwide

      news.movim.eu / ArsTechnica · Friday, 29 September, 2023 - 22:59 · 1 minute

    Critical vulnerabilities in Exim threaten over 250k email servers worldwide

    Enlarge (credit: Getty Images)

    Thousands of servers running the Exim mail transfer agent are vulnerable to potential attacks that exploit critical vulnerabilities, allowing remote execution of malicious code with little or no user interaction.

    The vulnerabilities were reported on Wednesday by Zero Day Initiative, but they largely escaped notice until Friday when they surfaced in a security mail list. Four of the six bugs allow for remote code execution and carry severity ratings of 7.5 to 9.8 out of a possible 10. Exim said it has made patches for three of the vulnerabilities available in a private repository. The status of patches for the remaining three vulnerabilities—two of which allow for RCE—are unknown. Exim is an open source mail transfer agent that is used by as many as 253,000 servers on the Internet.

    “Sloppy handling” on both sides

    ZDI provided no indication that Exim has published patches for any of the vulnerabilities, and at the time this post went live on Ars, the Exim website made no mention of any of the vulnerabilities or patches. On the OSS-Sec mail list on Friday, an Exim project team member said that fixes for two of the most severe vulnerabilities and a third, less severe one are available in a “protected repository and are ready to be applied by the distribution maintainers.”

    Read 13 remaining paragraphs | Comments

    • chevron_right

      Load Balancing - The Cheap Way

      Simone · Wednesday, 27 September, 2023 - 20:20 · 8 visibility

    So.. I rented another cheap #VPS, something like 1core/1GB/10GB to run my 7 bots (for #IRC, #XMPP, #Steam, #Mumble and #Mastodon) and an IRC client, which I'm using less and less, to free some resources from my main VPS.

    Now they're perfectly balanced :) I can accomodate a few friends, if need be, to some services I'm hosting, like XMPP and #Email: if we know each other you're always welcome and if we don't know yet, feel free to drop me a message!

    • wifi_tethering open_in_new

      This post is public

      movim.woodpeckersnest.space /blog/roughnecks%40woodpeckersnest.space/b10a9ba9-b2ef-4cfc-96cd-77554cced09e

    • 4 Comments

    • person

      29 September, 2023 Unknown contact

      Su un serverino così modesto?! Allora oltre a Snikket ci devo buttar su qualcos'altro pure io, una email magari... Cos'hai usato?

    • person

      29 September, 2023 Unknown contact

      Su IONOS non ho la posta, ho solo i bots. Comunque per la posta uso il classicone Postfix, ma ho letto che ci sono soluzioni più semplici da gestire.. Adesso però mi sfugge il nome di quella che aveva suggerito adb.

    • person

      29 September, 2023 Unknown contact

      Forse mailcow, quelli di δ in teoria collaborano.

    • person

      29 September, 2023 Unknown contact

      Sì Sì, lui!

    • chevron_right

      Google enterre l’affichage simplifié de Gmail

      news.movim.eu / Numerama · Tuesday, 26 September, 2023 - 11:31

    Gmail une

    Google cessera de proposer un affichage simplifié de Gmail en HTML à compter de janvier 2024. L'entreprise américaine estime qu'il n'y a plus de raisons de proposer une telle vue aujourd'hui. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Le saviez-vous ? Gmail a une option pour effacer certains de vos emails chez vos contacts

      news.movim.eu / Numerama · Friday, 8 September, 2023 - 06:59

    Wahou Chris Pratt

    Il existe une option intéressante dans Gmail, mais méconnue : le mode éphémère. Il permet de programmer l'effacement de vos mails dans les boîtes de vos contacts. Il bloque aussi certaines manipulations, comme le transfert, l'impression, la copie et le téléchargement [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Australia’s internet providers are ditching email, to the disgust of older customers

      news.movim.eu / TheGuardian · Saturday, 19 August, 2023 - 00:00

    ‘This screws us royally,’ says one disgruntled iiNet user as internet service providers such as Telstra and TPG curtail email accounts for customers

    After 30 years, Simon* is facing the prospect of moving.

    “I think we’ve been using their products since we built the house,” he says. “We’ve gone through dial-up and then eventually there was an ADSL connection.”

    Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

    Continue reading...
    • chevron_right

      Fin du ticket de caisse en papier : on ne peut pas vous le refuser

      news.movim.eu / Numerama · Tuesday, 1 August, 2023 - 14:49

    ticket de caisse

    La disparition du ticket de caisse en papier, au profit d'une version envoyée par mail ou SMS, ne signifie pas sa disparition définitive : il est mis en retrait. Vous pouvez toujours le demander. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      « Ton compte a été temporairement bloqué » : ne cliquez pas sur ce phishing Vinted

      news.movim.eu / Numerama · Monday, 24 July, 2023 - 14:54

    Un mail de phishing Vinted vise à récupérer vos coordonnées bancaires. Plutôt bien réalisé, avec une adresse mail convaincante, il est alarmant sur plusieurs points. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Typo leaks millions of US military emails to Mali web operator

      news.movim.eu / ArsTechnica · Tuesday, 18 July, 2023 - 14:34

    Montage of general and text snippets

    Enlarge (credit: FT Montage/EPA )

    Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.

    Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.

    The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch Internet entrepreneur who has a contract to manage Mali’s country domain.

    Read 28 remaining paragraphs | Comments

    • chevron_right

      Critical Barracuda 0-day was used to backdoor networks for 8 months

      news.movim.eu / ArsTechnica · Tuesday, 30 May, 2023 - 23:58

    A stylized skull and crossbones made out of ones and zeroes.

    Enlarge (credit: Getty Images )

    A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday.

    The software bug, tracked as CVE-2023-2868, is a remote command injection vulnerability that stems from incomplete input validation of user-supplied .tar files, which are used to pack or archive multiple files. When file names are formatted in a particular way, an attacker can execute system commands through the QX operator, a function in the Perl programming language that handles quotation marks. The vulnerability is present in the Barracuda Email Security Gateway versions 5.1.3.001 through 9.2.0.006; Barracuda issued a patch 10 days ago.

    On Tuesday, Barracuda notified customers that CVE-2023-2868 has been under active exploitation since October in attacks that allowed threat actors to install multiple pieces of malware for use in exfiltrating sensitive data out of infected networks.

    Read 7 remaining paragraphs | Comments