21 matches found
Security and Privacy Management of IoT Using Quantum Computing
The convergence of the Internet of Things (IoT) and quantum computing is redefining the security paradigm of interconnected digital systems. Classical cryptographic algorithms such as RSA, Elliptic Curve Cryptography (ECC), and Advanced Encryption Standard (AES) have long provided the foundation for...
CVE-2005-3087
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:2655-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2655-1 advisory. - The vulnerability exists due to the use of __proto__ in process.mainModule.__proto__.require. This allows to bypass the policy mechanism...
How to try to predict the output of Micali-Schnorr Generator (MS-DRBG) knowing the factorization. Part II
See also Part I and Part III of this series. tl;dr: In the previous article of the same series we tried to predict the output of Micali-Schnorr Generator (MS-DRBG) knowing the factorization. In this blog post we continue the effort started in part I showing different strategies. If you want to skip a...
CVE-2017-9864
Summary of CVE-2017-9864 (SMA Solar Technology inverter/time setting issue): An attacker can change the plant time on SMA Solar Technology inverters (notably Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30) without authentication, causing the system time to shift. This can affect timestam...
The vulnerability of the Flash Player software platform, which allows attackers to compromise the confidentiality of information
The vulnerability of the Flash Player software platform’s random number generators is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information...
LogicalDoc Document Managment System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: User data leakage between sessions; Use of XSL transformation to execute arbitrary code; Missing verification of the digital signature of executable files obtained from...
Allfresco Community Edition: source code security analysis report
Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: User data leakage between sessions; Use of XSL transformation to execute arbitrary code; Use of the finalize method; Missing verification of the digital signature of executable...
IBM Patches Predictable Output Problem in SecureRandom PRNG
Details have surfaced on a recently patched vulnerability in IBM’s SecureRandom pseudo-random number generator that could allow an attacker to predict its output. Only the default SecureRandom implementation in the IBM Java Cryptography Extension (JCE) framework is vulnerable; IBM recommends that...
NIST removes Dual EC DRBG from SP 800-90A
The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...
Cryptanalysis Remains for TrueCrypt Audit
Phase two of the TrueCrypt audit figures to be a labor-intensive, largely manual cryptanalysis, according to the two experts behind the Open Crypto Audit Project (OCAP). Matthew Green, crypto expert and professor at Johns Hopkins University, said a small team of experts will have to, by hand, exami...
TrueCrypt is Secure; Encryption Tool cleared the First Phase of Security Audit
Is TrueCrypt Audited Yet? Yes, In Part! One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the...
FreeBSD Bans Intel, Via Chips
FreeBSD, the open-source operating system, announced that it will no longer support Intel’s RdRand and Via Technology’s Padlock on-chip random number generators (RNGs) moving forward in new versions of the UNIX-like operating system. The move apparently follows reports from earlier this year that t...
Bitcoins - Secured by NSA designed Encryption or Backdoored ?
It’s been nearly three months since Edward Snowden started telling the world about the National Security Agency’s mass surveillance of global communications. After the last week report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to...
Fedora Update for libtomcrypt FEDORA-2013-14488
Check for the Version of libtomcrypt. OpenVAS Vulnerability Test: Fedora Update for libtomcrypt FEDORA-2013-14488. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Oracle Linux 5 : kernel (ELSA-2009-1455)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1455 advisory. - Revert: net atalk/irda: memory leak to user in getname Danny Feng 519309 519310 CVE-2009-3001 CVE-2009-3002 - net atalk/irda: memory leak to user in getname...
What You Need to Know About the RSA Key Research
It’s always slightly disorienting and confusing when a story about something as esoteric as weak encryption keys produced by poor random number generators makes its way into the real world and begins scaring the citizens. This can lead to confusion and worry about whether everyone’s online bankin...
ICMP Timestamp Detection
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This information could...
Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc...