Struts2 high-risk vulnerability may lead to an Internet security disaster - vulnerability warning - Black Bar Security Net
July 17, 2013 was a sleepless night for many security operations staff and hackers...... The Struts2 high-risk vulnerability can cause massive information leakage affecting countless Internet users; probably no one will be spared...... To exploit the vulnerability, a hacker can initiate remote...
The U.S., China and Glass Houses
That was quite a show the government put on Monday. The dramatic press conference featuring Attorney General Eric Holder, the coordinated press leaks ahead of the announcement, the strong statements about the sanctity of American commerce and how the United States will prosecute those who conduct...
China Bans Microsoft Windows 8 for Government Computers
While the US government routinely prohibits the purchase of Huawei products because of suspected backdoors planted by the Chinese government, China likewise keeps itself entirely apart from US products. China is somewhat famous for using its own operating systems, smartphone application services and much more,...
'Anonymous Philippines' hacks Hundreds of Chinese Government Websites
A Philippine Hacker group claiming ties with the hacktivist collective Anonymous defaced early Monday several Chinese Government websites. "Anonymous Philippines" claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West...
SQL injection vulnerability in the latest version of the Anymacro mail system
Brief description: The vendor keeps replying that it is not the latest version, so now I will poke a few holes in the latest version, thanks... Detailed description: 0x001 Anymacro is a relatively popular domestic enterprise mail system; its customers are mainly education/government institutions. The SQL injection discovered today affects all Anymacro mail systems. 0x002 Vulnerability analysis This was a black-box test... The vulnerable spot is in the network disk: when downloading an attachment, the parameter is not validated, resulting in an SQL injection vulnerability https://mail.xxx.com/down.php?netdisk=1...
SQL injection in the Dahan Bantong (大汉版通) Government Information Disclosure System
Brief description: Government information disclosure system Detailed description: An SQL injection vulnerability somewhere in the government information disclosure system Injection point zfxxgk/subjectinfo.jsp?subjectbm= The subjectbm parameter is not strictly filtered, leading to injection Government website case sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/subjectinfo.jsp?subjectbm=" --is-dba --dbs payload Place: GET Parameter: subjectbm Type: boolean-based blind Title: AND boolean-based blind -...
EFF Who Has Your Back Privacy Report Hails Apple, Yahoo
Technology companies have responded to the challenge to privacy and civil liberties unearthed by the Snowden leaks with a determined effort to increase transparency around government requests for user data. Some have done a better job than others. Large ISPs such as AT&T, Verizon and Comcast...
SQL injection vulnerability in a Yonyou (用友) office platform (system)
Brief description: Detailed description: Boss, Uncle Mad Dog (疯狗叔叔)..... a generic one... awaiting confirmation. SQL injection vulnerability in all versions, takes over the server directly... no login required intitle:"fe协作" Affected customer groups: large enterprises (e.g. Lafang Group and other very large enterprises), schools (Beijing Normal University), pharmaceuticals, government (e.g. Zhuhai Civil Air Defense Office, Zhuhai Detachment of the Guangdong Fishery Administration, Guangdong Coal Geology Bureau, etc.), energy (power grid), banks, etc. http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74...
Former NSA Director Addresses Crypto Standard Subversion
During the last 11 months of mounting leaks and revelations about the government’s surveillance operations and the lengths it will go to gain intelligence on foreign threats, perhaps the most disturbing revelation was the intentional subversion of widely used cryptographic standards. It’s also be...
Judiciary Committee Approves Bill Limiting NSA Surveillance
The House Judiciary Committee met yesterday in a hearing to discuss, amend and approve the USA FREEDOM Act, which aims to rein in the National Security Agency’s surveillance powers and place new limits on authority granted under the USA PATRIOT Act and the Foreign Intelligence Surveillance Act...
US Navy's Nuclear Reactor System Administrator Arrested on Hacking Charges
The United States charged two men for their involvement in a conspiracy to hack into the computer systems of dozens of government and commercial organizations, including the U.S. Navy and National Geospatial-Intelligence Agency NGA, according to the U.S. Attorney's Office in Tulsa. On Monday, the...
USA FREEDOM Act Revised to Limit NSA Surveillance
UPDATE: A prior version of this story incorrectly noted that the bill revisions included a clause that would require an earlier re-authorization to the PATRIOT Act, when in fact the revisions push that re-authorization date more than two years further into the future. The House Judiciary Committe...
NIST SP 800-52 Revision 1 Recommends TLS 1.2 by Jan. 1, 2015
U.S. federal government agencies are being told they should move to TLS 1.2 by the beginning of 2015. The National Institute for Standards and Technology, NIST, recently released NIST Special Publication 800-52 Revision 1, which includes the final public comments made since SP 800-52 was withdraw...
Flash Zero Day Used to Target Victims in Syria
A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...
Analyze Cryptographic Specifications: Cryptol
The Cryptol specification language was designed by Galois for the NSA’s Trusted Systems Research Group as a public standard for specifying cryptographic algorithms. A reference specification can serve as the formal documentation for a cryptographic module. Unlike current specification mechanisms,...
Mail Server In a Box
Mail-Box : Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in...
New NIST AppVet Aims to Streamline Application Security
Apple and Google put developers’ apps through a relatively rigorous screening process before they make their way into their respective app stores. Now developers who produce apps intended for use on internal networks at government agencies can get a vetting process of their own. The National...
Experts Worry About Future of Critical Infrastructure Security
SAN FRANCISCO–The problem of critical infrastructure security has become a key issue in the last few years, as high-profile attacks such as Stuxnet and others have grabbed headlines and alerted politicians and others to the weaknesses facing these vital systems. It’s an issue that Eugene Kaspersk...
More terrifying than imagined! In-depth analysis of the OpenSSL “Heartbleed” vulnerability - vulnerability warning - Black Bar Security Net
Author: yaoxi, original source http://blog.wangzhan.360.cn/ Recently OpenSSL suffered this year's most serious security vulnerability, which the hacker community has named the “Heartbleed” vulnerability. According to the 360 Website Guard security team's analysis, the vulnerability is not only related to htt...
Bruce Schneier on Surveillance at Source Boston keynote
BOSTON – History is not entirely kind to those responsible for the Industrial Age in the 19th century. How, for example, were the consequences of industrial innovation such as pollution largely ignored? Flash forward to today’s digital age and ask the same question: How are those responsible for...