Cisco Blogs


Cisco Blog > Security > Threat Research

Talos Discovered Three More Vulnerabilities in Pidgin

This post was authored by Yves Younan and edited by Armin Pelkmann

Table of contents

CVE-2014-3697, VRT-2014-0205
CVE-2014-3696, VRT-2014-0204
CVE-2014-3695, VRT-2014-0203

Cisco Talos is announcing the discovery and patching of another three 3 CVE vulnerabilities in Pidgin (An open-source multi-platform instant messaging client -- see wikipedia page). These vulnerabilities were discovered by our team and reported to the Pidgin team. They were found during our initial look at Pidgin which resulted in the first 4 vulnerabilities released in January, but were reported to Pidgin a little later and took longer to get patched. Now that these vulnerabilities were patched in the latest version of Pidgin, 2.10.10, we want to publicly disclose our findings.

 

The first vulnerability (CVE-2014-3697, VRT-2014-0205) is in the routines Pidgin uses to handle smiley and theme packages in Windows. These packages can be downloaded from websites and installed by dragging and dropping them to Pidgin. The packages are TAR files and Pidgin handles them by un-tarring the files to a specific directory. Read More »

Tags: , , , , , ,

Cloudburst: iOS 8 Generates 50% Increase in Network Traffic

Many network engineers recall the iOS7 update on September 18, 2013 as one of the most historic download days of their network’s history. All the more reason for us in the wireless world who anxiously anticipated the September 17 release of iOS8.

We asked a few of our customers to monitor the effect of the software release on their networks and the results for the first two days are in. Those in the education and healthcare space in particular are filled with early adopters of WiFi technology and devices, and eager to get their hands on the latest updates.

Joe Rogers, Associate Network Director at the University of South Florida shared this picture with us from 1pm September 17th, showing 1 Gbps more traffic than he would normally see at this time of day:

usf

Another customer, Greg Sawyer, Manager of Infrastructure Services, shared this picture of the iOS8 effect on his network at the UNSW Australia.

unsw

He noted that his experience handling the release this year felt smoother than last year, despite the new peak internet download of 4.65 Gbps and 21Tb downloaded for the day! Not too surprising when considering that there were 27,000 concurrent connections on the wireless network and approximately 60% of those being Apple devices.

How should organizations be considering and handling these network spikes? I sat down with Cisco technical leaders Matt MacPherson and Chris Spain (@Spain_Chris) to get some insight on the effect of big updates like iOS8 on the wireless network. Here are some of the highlights of what we discussed:

The World We Live In

The truth is, more and more services are being moved to the cloud—a cloud that will push updates to millions & in the future billions of users and devices on our networks. Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Cisco 2014 Midyear Security Report: Brush Your Teeth, Change Your Passwords, Update Your Software

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords.

He did not mention which ones. Indeed, the names of the compromised sites have not even been publicly named for fear of making the problem worse, so there is no way of knowing how to prioritize which passwords to change. Adding to my irritation, I had just changed several passwords in the wake of the Heartbleed/OpenSSL compromise a few months ago. Perhaps like you, I have more than 100 passwords. Changing them all is not really an option. Read More »

Tags: , , , , , , ,

NCSAM 2013 Wrap-Up: Cisco Thought Leadership Regarding a Different Ghost in the Machine

Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” While I am not sure there is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end on a day characterized by pranks, false identifications and the like seems appropriate. And what scary stories we had to tell!

Read More »

Tags: , , , , , ,