3263 matches found

Cisco
added 2013/09/18 4:20 p.m. | 26 views

Cisco Unified Computing System Software KVM Encryption Vulnerability

A vulnerability in Cisco Unified Computing System software KVM could allow an unauthenticated, remote attacker to intercept a KVM connection to spoof a host or decrypt keyboard and mouse events on an encrypted channel. The vulnerability is due to a hard coded SSL certificate. An attacker could...

CVSS 4.3 | AI score 1.6 | EPSS 0.00181
Exploits 0 | References 1

Kitploit
added 2013/09/17 2:11 a.m. | 14 views

[sslnuke] SSL without verification isn't secure!

We have all heard over and over that SSL without verification is not secure. If an SSL connection is not verified with a cached certificate, it can easily be hijacked by any attacker. So in 2013, one would think we had totally done away with this problem. Browsers cache certificates and very loud...

AI score 7
Exploits 0 | References 1

seebug.org
added 2013/09/16 12:0 a.m. | 37 views

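Apple Mac OS X 'IPSec Hybrid Auth' Server Certificate Security Bypass Vulnerability (CVE-2013-1028)

BUGTRAQ ID: 62371 CVECAN ID: CVE-2013-1028 Apple Mac OS X is the operating system software for Apple computers. Mac OS X 10.8 - 10.8.4 contains a security vulnerability that allows an attacker to intercept data protected by IPSec Hybrid Auth. The DNS name of the IPSec Hybrid Auth server is not matched against the certificate, so an attacker holding any server certificate can exploit this vulnerability to impersonate other servers. 0 Apple Mac OS X 10.8 - 10.8.4 Apple Mac OS X Vendor patch: Apple ----- Apple has released a security advisory (HT5880) and corresponding patches for this issue:...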

CVSS 5.8 | AI score 6.3 | EPSS 0.00217
Exploits 1

ThreatPost
added 2013/08/29 4:4 p.m. | 9 views

Researchers Reverse Engineer Dropbox

Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...

AI score 1.3
Exploits 0 | References 2

Tenable Nessus
added 2013/08/27 12:0 a.m. | 37 views

SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)

This collective update for Apache provides the following fixes : - Make sure that input that has already arrived on the socket is not discarded during a non-blocking read read2 returns 0 and errno is set to -EAGAIN. bnc815621 - Close the connection just before an attempted re-negotiation if data...

CVSS 5.1 | AI score 7.8 | EPSS 0.52396
Exploits 4 | References 8

NVD
added 2013/08/20 10:55 p.m. | 15 views

CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.4 | EPSS 0.00243
Exploits 0 | References 1

UbuntuCve
added 2013/08/20 10:55 p.m. | 17 views

CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 5.9 | EPSS 0.00243
Exploits 0 | References 2

Prion
added 2013/08/20 10:55 p.m. | 11 views

Session fixation

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 7 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1

Debian CVE
added 2013/08/20 10:0 p.m. | 19 views

CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.2 | EPSS 0.00243
Exploits 0

The Hacker News
added 2013/07/28 6:34 p.m. | 7 views

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India's new surveillance program - Centralized Monitoring System CMS will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

AI score 6.5
Exploits 0

The Hacker News
added 2013/07/28 7:34 a.m. | 12 views

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India’s new surveillance program - Centralized Monitoring System CMS will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

AI score 6.5
Exploits 0

0day.today
added 2013/07/28 12:0 a.m. | 52 views

Symantec Web Gateway 5.1.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version: = 5.1.0. fixed version: 5.1.1 CVE number:...

CVSS 8.3 | AI score 6.5 | EPSS 0.15661
Exploits 4

Exploit DB
added 2013/07/27 12:0 a.m. | 58 views

Symantec Web Gateway 5.1.0.x - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version: = 5.1.0. fixed version: 5.1.1 CVE number: CVE-2013-1616...

CVSS 8.3 | AI score 6.4 | EPSS 0.15661
Exploits 4

ThreatPost
added 2013/07/16 12:28 p.m. | 21 views

Verizon Network Extender femtocell hack intercepts calls

A $250 piece of hardware known as a femtocell, used to boost mobile phone signals for consumers and small businesses, is vulnerable to a complete takeover that attackers can use to intercept Internet traffic and cell phone calls. Two researchers from iSEC Partners are expected to provide more...

AI score 0.2
Exploits 0 | References 4

The Hacker News
added 2013/07/15 1:52 a.m. | 15 views

Hackers turn Verizon signal booster into a mobile hacking machine

A group of hackers from security firm iSEC found a way to tap right into Verizon Wireless cell phones using a signal-boosting device made by Samsung for Verizon that costs about $250. They hack Verizon's signal-boosting devices, known as femtocells or network extenders, which anyone can buy online...

AI score 6.6
Exploits 0

The Hacker News
added 2013/07/13 3:54 p.m. | 10 views

BlackBerry allows Indian government to Intercept emails and Chats

In 2010 the Indian authorities threatened to shut down BlackBerry's infrastructure unless it agreed to comply with lawful access requirements providing the government a way to intercept messages in order to prevent terrorist attacks. The long time dispute between the Indian government and...

AI score 6.6
Exploits 0

The Hacker News
added 2013/07/13 4:54 a.m. | 13 views

BlackBerry allows Indian government to Intercept emails and Chats

In 2010 the Indian authorities threatened to shut down BlackBerry's infrastructure unless it agreed to comply with lawful access requirements providing the government a way to intercept messages in order to prevent terrorist attacks. The long time dispute between the Indian government and...

AI score 6.6
Exploits 0

The Hacker News
added 2013/07/11 9:13 p.m. | 7 views

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

AI score 6.5
Exploits 0

The Hacker News
added 2013/07/11 10:13 a.m. | 13 views

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

AI score 6.5
Exploits 0

NVD
added 2013/07/03 1:54 p.m. | 15 views

CVE-2012-5936

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.3 | EPSS 0.00275
Exploits 0 | References 3