PT-2013-1808 · Apache · Apache CXF
Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.5.x through 2.5.9; Apache CXF versions 2.6.x through 2.6.6; Apache CXF versions 2.7.x through 2.7.3. Description: The issue allows remote attackers to force the use of weaker cryptographic algorithms than intended, making i...
Cracking Cryptography and Encryption Exponentially Easier
It’s been a brutal month for crypto. Starting with the Black Hat conference, researchers, engineers and hackers have been unveiling new weaknesses and attacks in different cryptographic implementations that threaten the security of communication and commerce on the Web. Not only have holes been...
[SECURITY] Fedora 18 Update: gnupg-1.4.14-1.fc18
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
Microsoft Releases Security Advisory
Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...
MS KB2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
The remote host is missing Microsoft KB2862973, an update that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of some spoofing, phishing, and...
BIND Vulnerability Enables DNS Cache Poisoning Attack
A vulnerability in the BIND Domain Name System (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today...
SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness
SEC Consult Vulnerability Lab Security Advisory 20130805-0. Title: Vodafone EasyBox Default WPS PIN Algorithm Weakness. Product: EasyBox 802 & EasyBox 803. Vulnerable version: EasyBox 802 - all versions, EasyBox 803 - Production...
[SECURITY] Fedora 19 Update: gnupg-1.4.14-1.fc19
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
Matthew Green on Crypto Advances, the BREACH Attack and Whether the Longevity of the RSA Algorithm
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the crypto advances in recent years, the BREACH attack revealed at Black Hat and whether it’s time to start moving away from the RSA algorithm. Download: digitalunderground121 Subscribe to the Digital Underground podcast on...
BREACH decodes HTTPS encrypted data in 30 seconds
A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas (Presentation PDF & Paper) by Gluck along with...
Experts Urge ECC crypto over RSA algorithm
LAS VEGAS – Cryptographic breakthroughs have accelerated in the past six months in areas such as discrete logarithm computations that lead experts to believe that breaking the stalwart RSA algorithm may be in the not-too-distant future. A team of crypto experts today at Black Hat USA 2013 present...
Fedora Update for nodejs-sha FEDORA-2013-11780
Check for the Version of nodejs-sha. OpenVAS Vulnerability Test: Fedora Update for nodejs-sha FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
OpenAFS security vulnerabilities
Weak encryption algorithm...
AutoCAD DWG-AC1021 Heap Corruption
AutoCAD is a software for computer-aided design (CAD) and technical drawing in 2D/3D, being one of the world leading CAD design tools. It is developed and sold by Autodesk, Inc. Title: AutoCAD DWG-AC1021 Heap Corruption. CVE Name: CVE-2013-3665. Permalink:...
[SECURITY] Fedora 18 Update: nodejs-sha-1.0.1-4.fc18
Check and get file hashes using MD5, SHA1, or any other algorithm supported by OpenSSL...
[SECURITY] Fedora 18 Update: nodejs-hawk-0.15.0-1.fc18
Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification...
Ubuntu Forums Password Breach Exposes 1.8 Million Users
Every username, password and email address used by members of the Ubuntu Forums was accessed in a breach reported on Saturday by the free Linux distribution. More than 1.82 million accounts stored in the forums’ database were stolen, according to a notice posted on the forums’ home page Saturday...
Chinese Hackers discovered second Android master key vulnerability
Android Security Squad, the China-based group, has uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2048)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-2048 advisory. - ext4: fix undefined behavior in ext4_fill_flex_info (Xi Wang) orabug 16020245 CVE-2012-2100 - Divide by zero in TCP congestion control Algorithm Jespe...