Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

java security update

CentOS Errata and Security Advisory CESA-2014:0027 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

How Dark Mail Plans to Build an Open, Secure Email Platform

The new Dark Mail Alliance formed this week by Lavabit and Silent Circle will offer an open platform for secure email that will use existing protocols and cloud storage as a way to evade surveillance. The new system, which should be available next year, is in some ways a throwback to the...

FreeBSD : gnupg -- side channel attack on RSA secret keys (80771b89-f57b-11e2-bf21-b499baab0cbe)

A Yarom and Falkner paper reports : Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a sp...

gnupg -- side channel attack on RSA secret keys

A Yarom and Falkner paper reports: Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy...

Microsoft Asks AG to Let It Publish Detailed Data Request Information

Microsoft, responding to allegations that the company has helped the NSA circumvent encryption in Skype and Outlook.com and provided direct access to data from those and other services, says that it does none of those things and is petitioning the government for permission to publish more...

Name.com Data Breach Forces Password Breach

Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...

Ubuntu 7.04 / 7.10 / 8.04 LTS : openssl vulnerability (USN-612-1)

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledg...

Windows Phone7 < 7.10.8107 Out-of-Date SSL Certificate Blacklist

Binary data windowsphone7108107.nbin...

Ubuntu Update for python-crypto USN-1484-1

Ubuntu Update for Linux kernel vulnerabilities USN-1484-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14841.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-crypto USN-1484-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...

Ubuntu: Security Advisory (USN-1484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EMC IRM License Server 4.6.1.1995 - Denial of Service

Luigi Auriemma Application: EMC IRM License Server http://www.emc.com Versions: = 4.6.1.1995 Platforms: Windows Bugs: A "version compat check" FIPS NULL pointer B freezing caused by multiple commands C NULL pointer caused by commands after invalid version Exploitation: remote Date: 10 Apr 2012...

Train-switching system can be vulnerable to DDoS attack

Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan...

How the Duqu Authors May Have Erred

Duqu has been called the spawn of Stuxnet, or maybe some sort of stepchild or second cousin. That initial analysis came from some similarities in the code of the two attack tools, and now that researchers have had more time to pull Duqu apart and see how it works, it seems more and more likely th...

Is it hard to crack full Disk Encryption For Law Enforcement ?

Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a...

OpenSSL < 0.9.5a /dev/random Check Failure

According to its banner, the version of OpenSSL running on the remote host is less than 0.9.5a. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could...

Fraudulent Digital Certificates Could Allow Spoofing

US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the pare...

TYPO3 Winstaller Default Encryption Keys

This module exploits known default encryption keys found in the TYPO3 Winstaller. This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be used to read any file that the web server user account has access to view. The method used to create the juhash short MD5 hash was...

Tor anonymizing network Compromised by French researchers

Tor anonymizing network Compromised by French researchers French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible...

Company Offers Tool To Break iPhone Encryption

ElcomSoft, a Russian security firm, claims that a new encryption cracking tool can decode data encrypted on mobile devices running Apple’s iOS operating system. Elcomsoft says it has developed the first ever commercially available password and encryption cracking tool. The company has made a phon...