720 matches found
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...
Demo of Charlie Miller's iOS Code-Signing Bug
Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way...
CentOS Update for nspr CESA-2011:1282 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Ten Reasons The Diginotar Breach Will Be Bigger Than Stuxnet
by Roel Schouwenberg Editor’s note: This story was reposted from Securelist.com. In an almost unprecedented event the Dutch minister of internal affairs gave a press conference at 1:15 AM Friday to Saturday night. He announced the Dutch government was revoking trust in Diginotar. Diginotar...
ca-certificates security update
2010.63-3.5 - BR java-openjdk 2010.63-3.4 - fix inclusion of code-signing-only certs in .trust.crt - Initial build 448497...
The Social-Engineer Toolkit v1.4 latest Version !
The Social-Engineer Toolkit v1.4 latest Version ! The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...
New Safari Bug Being Used to Jailbreak iPhones
A Web site set up to help iPhone users jailbreak their devices is using a flaw in the way that the iPhone handles PDF files to escape the phone’s sandbox security function and enable users to load applications that aren’t in Apple’s official App Store. The same flaw could easily be used to instal...
Facebook Developer Verification Won't Stop Rogue Apps
Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require that every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. While this is clearly a step in the right direction...
iPhone Sandbox Model Not Enough
The iPhone sandbox has always been held up as a major roadblock to thwart hackers from doing damage on the device. But, as European researchers Vincenzo Iozzo and Ralf Philipp Weinmann proved, a hacker can hijack a lot of sensitive data without ever leaving the iPhone sandbox. In this case, they...
iPhone Hacked at Pwn2Own; SMS Database Stolen
VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...
ATEN IP KVM Switches multiple cryptographic vulnerabilities
Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...
Charney plugs Microsoft end-to-end trust at RSA Conference
Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...
Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote...
CVE-2007-1220
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...
CVE-2007-1220
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...
CVE-2007-1220
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...
CVE-2007-1220
The CVE-2007-1220 entry describes a vulnerability in the Hypervisor of the Microsoft Xbox 360 kernel (versions 4532 and 4548) where the syscall dispatcher parameters are not properly verified. This allows attackers with physical access to bypass code-signing requirements and execute arbitrary cod...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL secured session, instead it is transmitted in the plain-text. Description Verisign offers a service entitled "Code Signing...
Security Bulletin MS01-017
---------------------------------------------------------------------- Title: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard Date: 22 March 2001 Software: All Microsoft customers should read the bulletin. Impact: Attacker could digitally sign code using the name "Microsoft...