BIND Critical flaw causes Internet outage

Widely used DNS server software - BIND is under attacked to cause disruption in the internet service for many users. The BIND versions 9.1.0 to 9.10.2-P2 are affected and can be exploited to crash DNS servers that are powered by the software. Internet Systems Consortium (ISC) has released a patch to rectify this critical issue that affects both authoritative and recursive DNS servers with a single packet. ISP configures recursive DNS servers for most computers and routers. If those DNS servers becomes unresponsive due to any circumstances, the computers that users that use them will not be able to find websites. According to ISC advisory, patching is the only available option so operators are required to apply the security patch as early as possible. <more>

Apple PATCHES OS X and iOS bugs

Apple has releases patches for various security flaws found in its desktop and mobile operating systems. Apple users are waiting for the new releases of iOS 9 and OS X 10.11, but they have to apply security updates for iOS 8 and OS X 10.10. It is believed to be the first major Apple security patch updates since April 8. OS X 10.10.4 security update fixes three vulnerabilities in Apple's Admin framework allowing intruders to get full admin rights.  Apple Type Services also get the fix for four vulnerabilities allowing remote code execution on the compromised systems. Similarly, six security flaws have been fixed in the CoreText library. One fix is for Apple's high-speed Thunderbolt interface that could allow intruders to execute arbitrary code. Intel graphics driver used in OS X is being patched for eight vulnerabilities mostly occur due to buffer overflow. Apple iOS 8.4 addresses 30 vulnerabilities across Safari’s browser engine, the WiFi manager, the SQLite library, Safari, Mail, the OS kernel, FontParser, coreTLS and CoreText. Company urges users to apply the update on earliest basis. <more>

'Selfies' a new authentication method for MasterCard

Taking selfies usually considered by many people as a mental disorder and we have read several reports regarding this, but not anymore now as one of the largest online payment system is going for a trial to take selfies as replacement authentication for passwords. MasterCard said that it will test this new mechanism just to know that how much it will be effective to minimize fraud threats. Facial recognition is not new as several smartphones use this feature to unlock the device. Although security researchers still obscure about the robustness of such authentication system as there are multiple instances in the past where intruders are able to bypass the mechanism. If all goes well, MasterCard plans to integrate facial recognition in smartphone application that initiates when a payment needs to be made, asking for authorization through fingerprint or facial analysis. <more>