790 matches found
Kayako Fusion Help Desk Cross Site Scripting
Exploit Title: Kayako Fusion Cross Site Scripting | Date: 17.03.2012 | Author: Sony | Software Link: http://www.kayako.com/ | Version: all version | Google Dorks: inurl:Base/UserRegistration/ or intitle:Powered by Kayako Fusion Help Desk Software | Web Browser: Mozilla Firefox | Site: http://insecurity.ro | Po...
Pastebin Downed By Second DDoS Attack This Week
For the second time this week, Pastebin.com on Thursday found itself hit by a distributed denial-of-service (DDoS) attack. The site was previously taken offline for a portion of the day on Tuesday, though no motives or culprits for that attack have been named yet. A post to the service’s Twitter...
EFF Data Shows Four CAs Compromised Since June
The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The data that the EFF looked at was a summary of the reasons that...
Dutch Government Sets Sept. 28 Kill Date for DigiNotar Certs
Adobe said on Friday that its products would soon reject certificates issued by the disgraced Dutch certificate authority DigiNotar following the Dutch government’s decision, Friday, to revoke DigiNotar PKIoverheid CA certificates used by government agencies on September 28. The news sets an...
Its Fail 2011 - Year of Hacks !
According to IT security experts, the year 2011 has been labeled the "Year of the Hack" or "Fail 2011". Hacking has become much easier over the years, allowing hackers to hack into systems more easily than ever before, which is why 2011 had a lot of hacking happen so far...
GlobalSign Set to Resume CA Operations
GlobalSign is still in the process of completing the investigation into whether its certificate authority infrastructure was compromised, but the company on Tuesday was ready to resume some of its operations under “high-threat” conditions. The company said that it has found evidence that its main...
Fraudulent Digital Certificates Spoofing Vulnerability (2607712)
The host is installed with Microsoft Windows operating system and is prone to spoofing vulnerability. This NVT has been superseded by KB2641690, which is addressed in NVT gbmsfraudulentdigitalcertspoofingvuln.nasl OID:1.3.6.1.4.1.25623.1.0.802403. OpenVAS Vulnerability Test $Id:...
Are Some Certificate Authorities Too Big To Fail?
In the wake of this weekend’s revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet’s digital certificate infrastructure, with some wondering if larger certificate authorities (CAs) might be too big to fail...
Comodo Hacker Claims Credit for DigiNotar Attack
The same attacker who claimed to have compromised Comodo in March is now claiming responsibility for the attack on DigiNotar, the Dutch certificate authority that issued fraudulent certificates for several hundred domains in the last few weeks, including Google, Yahoo, Mozilla Add-Ons and several...
Fraudulent Digital Certificates Spoofing Vulnerability (2524375)
The host is installed with Microsoft Windows operating system and is prone to spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowsfraudulentdigitalcertspoofingvuln.nasl 5362 2017-02-20 12:46:39Z cfi $ Fraudulent Digital Certificates Spoofing Vulnerability 2524375 Authors: Antu Sana...
Fraudulent Digital Certificates Spoofing Vulnerability (2524375)
Microsoft Windows operating system is prone to a spoofing vulnerability. This VT has been superseded by KB2641690 which is addressed in the VT SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Replacing the CA System, Millions of Clients at a Time
The Internet was not designed to be a secure network, not by any stretch of the imagination. It was meant to enable giant PDPs and IMPs at one college to talk to their brethren at another college across the country. SSL was an attempt to impose some level of security and trustability on this syst...
Comodo Hacked - Reseller private data exposed !
Another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. Custome...
The Problem of Issuing Certs For Unqualified Names
The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web’s certificate authority infrastructure works–or doesn’t. One interesting result of this work is that the folks at the Electronic Frontier Foundation...
Comodo hacker claim no relation to Iranian Cyber Army !
The alleged hacker of Comodo stepped forward this weekend to explain how he generated bogus SSL certificates for login.skype.com, mail.google.com, login.live.com and other popular internet websites. His story is that he was able to compromis...
Security Stories We Wish Had Been April Fool's Jokes
There’s a grand tradition in the security community of clever, cerebral and sometimes downright inane April Fool’s pranks. They often take the form of fake news stories about viruses, world-ending attacks or something involving Bruce Schneier and Chuck Norris. But the security world is bizarre...
Two more Comodo registration authority accounts compromised !
Certification company's humiliation drags on as hacker scalps two more Comodo registration authority accounts. The Iranian hacker that managed to trick Comodo into issuing nine fraudulent certificates appears to have compromised two mor...
Comodo Says Two More Registration Authorities Compromised
Officials at Comodo have acknowledged that an additional two registration authorities affiliated with the company have been compromised in the wake of the high-profile attack on the company that was disclosed last week. However, no forged certificates were issued as a result of the new attacks. I...
Alleged Comodo Hacker Posts Forged Mozilla Cert, Private Key
The unnamed hacker who has taken credit for the attack on Comodo last week that resulted in a number of fraudulent certificates being issued for high-value sites belonging to Google, Yahoo and Microsoft has posted the certificate that he issued himself for a Mozilla domain, as well as the private...