Lucene search

5302 matches found

OSV
added 2013/12/31 12:0 a.m. | 2 views

UBUNTU-CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

CVSS 2.1 | AI score 6.8 | EPSS 0.0071
Exploits: 1 | References: 11
Fedora
added 2013/12/30 5:2 a.m. | 32 views

[SECURITY] Fedora 18 Update: gnupg-1.4.16-2.fc18

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVSS 5.8 | AI score 2.7 | EPSS 0.0503
Exploits: 0
OSV
added 2013/12/23 10:55 p.m. | 1 views

DEBIAN-CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client...

CVSS 4.3 | AI score 6.9 | EPSS 0.21174
Exploits: 0 | References: 1
ThreatPost
added 2013/12/19 8:2 a.m. | 17 views

Researchers Find Way to Extract 4096-Bit RSA Key via Sound

A trio of scientists have verified that results they first presented nearly 10 years ago are in fact valid, proving that they can extract a 4096-bit RSA key from a laptop using an acoustic side-channel attack that enables them to record the noise coming from the laptop during decryption, using a...

AI score 0.5
Exploits: 0 | References: 4
ThreatPost
added 2013/12/04 8:2 a.m. | 8 views

Matthew Green on How NSA Breaks SSL

In order for the National Security Agency to collect the massive amounts of communication it has from email and Web traffic, it needs to elude, leapfrog or bash through the barrier that is SSL. How it’s doing so is the real question, one that noted Johns Hopkins cryptographer Matthew Green wants...

AI score 7.1
Exploits: 0 | References: 11
myhack58
added 2013/11/30 12:0 a.m. | 16 views

Cracking and fixing the amount check algorithm of a university campus card

The campus card is a Mifare Classic card, not the original card. Its encryption is very simple, and all the cards share the same key, so this vulnerability can be used to modify the amount for any on-campus spending! You can then use a phone to read the key; only 1 sector is encrypted! And ver...

AI score 1.5
Exploits: 0
The Hacker News
added 2013/11/21 4:32 p.m. | 12 views

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts, GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. "We sen...

AI score 7.4
Exploits: 0
The Hacker News
added 2013/11/21 5:32 a.m. | 14 views

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts, GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. “We sen...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2013/11/21 12:0 a.m. | 36 views

Mandriva Linux Security Advisory : nss (MDVSA-2013:270)

Multiple security issues were identified and fixed in Mozilla NSPR and NSS: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified othe...

CVSS 7.5 | AI score 7.3 | EPSS 0.84424
Exploits: 0 | References: 9
ThreatPost
added 2013/11/18 10:26 a.m. | 8 views

Microsoft and Google Collaborate on Effort to Clean Web of Child Abuse Images

Microsoft and Google are cooperating in an effort to make it much more difficult for child predators to find illegal images online by blocking search results for about 100,000 search terms. The companies also are collaborating on methods to better identify illegal abuse images and remove them mor...

AI score 7.2
Exploits: 0 | References: 2
CERT
added 2013/11/07 12:0 a.m. | 32 views

Dual_EC_DRBG output using untrusted curve constants may be predictable

Overview: Output of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance. Description: NIST SP 800-90A defines three elliptic curves for use in Dual_EC_DRBG but does not describe the...

CVSS 5.8 | AI score 8.7 | EPSS 0.01407
Exploits: 0 | References: 13
ThreatPost
added 2013/11/06 1:28 p.m. | 13 views

US-CERT Warns of More CryptoLocker Ransomware Infections

CryptoLocker is a devious evolution of now-familiar ransomware schemes in which the malware encrypts files it finds on a number of network resources and demands a ransom for the decryption key. US-CERT issued an advisory today warning businesses and consumers of the risks presented by CryptoLocke...

AI score 0.9
Exploits: 0 | References: 4
ThreatPost
added 2013/11/04 9:52 a.m. | 22 views

Apple Turns on BEAST Attack Mitigation by Default in Safari

Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...

AI score 7.2
Exploits: 0 | References: 5
Zero Day Initiative
added 2013/10/16 12:0 a.m. | 31 views

Hewlett-Packard Intelligent Management Center CommonUtils Static DES/ECB Decryption Key Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUtil class. This application uses a stat...

CVSS 4.9 | AI score 2.9 | EPSS 0.02597
Exploits: 0 | References: 1
Fedora
added 2013/10/12 12:3 a.m. | 46 views

[SECURITY] Fedora 19 Update: gnupg-1.4.15-1.fc19

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVSS 5.8 | AI score 2.7 | EPSS 0.0503
Exploits: 0
Fedora
added 2013/10/10 2:48 p.m. | 25 views

[SECURITY] Fedora 20 Update: gnupg-1.4.15-1.fc20

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVSS 5.8 | AI score 2.7 | EPSS 0.0503
Exploits: 0
Kitploit
added 2013/10/02 10:52 p.m. | 41 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

AI score 8.2
Exploits: 0
RedHat Linux
added 2013/09/30 5:48 p.m. | 6 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

CVSS 4.3 | AI score 5.9 | EPSS 0.0593
Exploits: 1 | References: 5
ThreatPost
added 2013/09/18 3:23 p.m. | 12 views

Shylock/Caphaw Banking Malware Infections on the Rise

Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. Malware researchers have noticed a ri...

AI score 1
Exploits: 0
OpenVAS
added 2013/09/18 12:0 a.m. | 18 views

Fedora Update for perl-Crypt-DSA FEDORA-2013-15786

Check for the Version of perl-Crypt-DSA OpenVAS Vulnerability Test Fedora Update for perl-Crypt-DSA FEDORA-2013-15786 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

CVSS 5.8 | AI score 6.4 | EPSS 0.02251
Exploits: 0 | References: 2