LC4: Another Pen-and-Paper Cipher

Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...

SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT

Update March 1, 2018: The completion of these changes is documented under Version 1.31.0 in the SSL Labs Changelog. We are giving advance notification for following grading criteria changes applying from March 1, 2018: Not using forward secrecy, not using AEAD suites, and vulnerability to ROBOT...

PT-2017-3585 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.13 Description: The issue is related to errors in resource management within the Parallel Crypto Engine crypto/pcrypt.c subsystem of the Linux operating system. It can be exploited by executing a specially...

[SECURITY] Fedora 26 Update: borgbackup-1.1.3-1.fc26

BorgBackup short: Borg is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...

[SECURITY] Fedora 27 Update: borgbackup-1.1.3-1.fc27

BorgBackup short: Borg is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...

[SECURITY] Fedora 24 Update: borgbackup-1.0.7-1.fc24

BorgBackup short: Borg is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...

[SECURITY] Fedora 25 Update: borgbackup-1.0.7-1.fc25

BorgBackup short: Borg is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...

MGASA-2015-0064 Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

CVE-2013-5960

CVE-2013-5960 affects OWASP ESAPI for Java (authenticated-encryption in the symmetric-encryption implementation) and could allow remote bypass of cryptographic protections through tampering of serialized ciphertext in non-default cipher-mode configurations. IBM Sterling B2B Integrator bulletin co...