Experts Worry About Long-Term Implications of NSA Revelations

With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA’s collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what...

Information disclosure

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

KLA10208 OSI vulnerability in IBM Security AppScan

Weak encryption algorithms were found in IBM Security AppScan. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely at a point related to SSL. Original advisories - Related products...

[oclHashcat-plus v0.15] Advanced Password Recovery

This version is the result of over 6 months of work, having modified 618,473 total lines of source code. Before we go into the details of the changes, here's a quick summary of the major changes: Added support for cracking passwords longer than 15 characters Added support for mask-files, which...

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol...

[SECURITY] Fedora 19 Update: ghc-xmonad-contrib-0.11.2-1.fc19

Third party tiling algorithms, configurations and scripts to xmonad, a tiling window manager for X. For an introduction to building, configuring and using xmonad extensions, see "XMonad.Doc". In particular: "XMonad.Doc.Configuring", a guide to configuring xmonad "XMonad.Doc.Extending", using the...

Jason Geffner on Tortilla

Dennis Fisher talks with Jason Geffner of CrowdStrike about the new tool he released at Black Hat called Tortilla and his research on malware that uses domain-generating algorithms. audio https://media.threatpost.com/wp-content/uploads/sites/103/2013/08/07043604/digitalunderground120.mp3 Download...

Oracle Linux 4 : gnutls (ELSA-2008-0492)

From Red Hat Security Advisory 2008:0492 : Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for...

Oracle Linux 4 : gnutls (ELSA-2010-0167)

From Red Hat Security Advisory 2010:0167 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

[Hashcat v0.45] Advanced Password Recovery

changes v0.44 - v0.45: Release with some new algorithms: AIX smd5 AIX ssha1, ssha256, ssha512 GOST R 34.11-94 We managed also to fix some bugs and implement some additional feature requests Full changelog: type: feature file: hashcat-cli desc: show status screen also when all hashes were recovere...

Peer-to-Peer Botnet Takedowns a Challenge

The FBI, Justice Department and technology companies have had success shutting down botnets that rely on a centralized infrastructure and command and control servers to communicate with bots, steal data or send malicious commands. Peer-to-peer botnets, however, have proven more difficult to take...

CentOS Update for gnutls CESA-2013:0883 centos5

Check for the Version of gnutls OpenVAS Vulnerability Test CentOS Update for gnutls CESA-2013:0883 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

CentOS Update for gnutls CESA-2013:0883 centos6

Check for the Version of gnutls OpenVAS Vulnerability Test CentOS Update for gnutls CESA-2013:0883 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

RHEL 5 / 6 : gnutls (RHSA-2013:0883)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0883 advisory. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security TLS. It was discovered that t...

RedHat Update for gnutls RHSA-2013:0883-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

CentOS Update for gnutls CESA-2013:0883 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

gnutls security update

CentOS Errata and Security Advisory CESA-2013:0883 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...