CVE-2016-4340: Privilege escalation via "impersonate" feature in existing v14.0/1 GitLab deployments

It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

This issue has been fixed with many others by the GitLab project, as detailed in the 2016-05-02 GitLab Security Advisory.

Due to the seriousness of the issue, new builds of TurnKey GitLab have been published today so new deployments are not vulnerable.

Blog Tags: 

TurnKey Magento NOT vulnerable to CVE-2016-4010 remote PHP code execution

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only effects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

The binary option scam: Evil Incorporated vs the "Don't Be Evil" corporation

All that is required for evil to triumph is for good men to do nothing

—Edmund Burke

Today I'm going to digress a bit from all things TurnKey related to shine a much needed light on a monster I found lurking in my backyard.

SCAM