CVE-2015-3456 ‘VENOM’ – And it was all going so well…

After a relatively long period without a potentially-catastrophic vulnerability to report, we must again break out the hard hats as the numerically-improbable ‘CVE-2015-3456‘ is here and it wants to kill your datacentre. It’s called VENOM, in case you were wondering. … Continue reading

Posted in Current Threats, General Security, Information Security, Web Security | 1 Comment

How To Train Your POODLE part II – Servers and Infrastructure

In our previous blog post, we gave a quick overview of the ‘POODLE’ SSLv3.0 vulnerability, followed by tips for mitigating the risks on client applications. In this post, we will focus our attention on server side strategies. For servers using … Continue reading

Posted in Current Threats, General Security, Microsoft, Web Security | Comments Off on How To Train Your POODLE part II – Servers and Infrastructure

Bash ‘Shellshock’ Bug – Now You Can Panic

UPDATE: The initial round of patches to fix CVE-2014-6271 have proven ineffective at fully resolving the issue; a new CVE code has been issued, “CVE-2014-7169“, use this to track news and updates regarding this bug and patch status. Remember Heartbleed? Get ready to … Continue reading

Posted in Apple, Current Threats, General Security, Web Security | Comments Off on Bash ‘Shellshock’ Bug – Now You Can Panic

Content filtering and the University

The issue of web content filtering is one which crops up every so often within the University. Do we give our users the freedom to visit any content they like, provided that University regulations (and the law of the land) … Continue reading

Posted in Web Security | Comments Off on Content filtering and the University