Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and restic seems to tick all the boxes for my...

ctr.ac.th XSS vulnerability

Open Bug Bounty ID: OBB-236793 Description| Value ---|--- Affected Website:| ctr.ac.th Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Windows Crypto Ransomware in Go: Ransomware

Windows Crypto Ransomware in Go Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware,...

openSUSE Security Update : XEN (openSUSE-SU-2012:1572-1)

This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...

Scientific Linux Security Update : openssh on SL5.x i386/x86_64

CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH...

CentOS Update for openssh CESA-2009:1287 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

tarsnap -- cryptographic nonce reuse

Colin Percival reports: In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since the...

RedHat Security Advisory RHSA-2009:1287

The remote host is missing updates announced in advisory RHSA-2009:1287. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a...

Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

RHEL 5 : openssh (RHSA-2009:1287)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2009:1287 advisory. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These packages include the core files necessary for both the OpenSSH client and server...

SSH CBC vulnerability

Overview A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. Description The Secure Shell SSH is a network protocol that creates a secure channel between two networked devices in order to allow data to be exchange...

OpenSSH CBC模式信息泄露漏洞

BUGTRAQ ID: 32319 OpenSSH是一种开放源码的SSH协议的实现，初始版本用于OpenBSD平台，现在已经被移植到多种Unix/Linux类操作系统下。 如果配置为CBC模式的话，OpenSSH没有正确地处理分组密码算法加密的SSH会话中所出现的错误，导致可能泄露密文中任意块最多32位纯文本。在以标准配置使用OpenSSH时，攻击者恢复32位纯文本的成功概率为2^-18，此外另一种攻击变种恢复14位纯文本的成功概率为2^-14。 OpenSSH OpenSSH 4.7p1 SSH Communications Security Tectia Server 6.x SSH...

CVE-2008-5161

Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...