[SECURITY] Fedora 22 Update: gnupg2-2.1.2-2.fc22

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

DroidStealth — Android Encryption Tool with Stealth Capabilities

We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on Internet to feel secure and private. No doubt, there is data Encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement? What if the encrypted files don’t exist in th...

Grinder - System to Automate the Fuzzing of Web Browsers

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...

CHARGE Anywhere Breached, Plain Text Data Accessed

CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...

Design/Logic Flaw

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache...

CVE-2014-8495

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache...

SSLv3 Protocol vulnerability‘POODLE’to fix the related concepts-vulnerability warning-the black bar safety net

2 0 1 4 years 1 0 On 1 5 December, Google released a report about the SSLv3 “POODLE”of the high-risk vulnerability vulnerability number CVE-2 0 1 4-3 5 6 6 A brief analysis of the report. According to Google's statement, the vulnerability across all of the SSLv3 version, the use of the...

Secure Disk Encryption Software: CipherShed

Secure Disk Encryption Software CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is cross-platform; It is available for Windows, Mac OS X and GNU/Linux...

Instasheep — Instagram Account Hacking Tool Released

Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles, that allows an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new...

INSTEON Hub 2242-222 - Lack of Web and API Authentication

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model discontinued Product...

[SECURITY] Fedora 20 Update: gnupg2-2.0.24-1.fc20

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

Massachusetts Supreme Court Rules Defendant Must Decrypt Data

Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but...

Microsoft Privacy Policy Promises No Targeted Advertisements

In a series of revisions to its services agreement, Microsoft says it will not scan the contents of its users’ files nor will it monitor their communications in order to target advertising based on perceived customer interests. The move is a dramatic one when contrasted with many of the Redmond,...

openSUSE Security Update : xtrabackup (openSUSE-SU-2013:1864-1)

Percona XtraBackup was updated to 2.1.6 bnc852224 - New Features : - New innobackupex --force-non-empty-directories option - now supports logs created with the new log block checksums - New Features specific to MySQL 5.6: option innodblogchecksumalgorithm in Percona Server 5.6 - Bugs Fixed : -...

齐博CMS任意文件读取(鸡肋，需注册)

简要描述： RT 详细说明： 漏洞一:鸡肋的getshell需注册并能发布文章,需配合apache、iis6解析漏洞 文件 /inc/articfunction.php //采集外部图片 function getoutpic$str,$fid=0,$getpic=1 global $webdb,$lfjuid; if!$getpic return $str; pregmatchall"/http://^ '"+.gif|jpg|png/is",$str,$array; $filedb=$array0; foreach $filedb AS $key=$value if...

ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit, a Texas-based...

Android Outlook App Could Expose Emails, Attachments

There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments. Paolo Soto, a researcher with the security firm Include Security, said his team initially dug up the vulnerabilities in November...

NIST SP 800-52 Revision 1 Recommends TLS 1.2 by Jan. 1, 2015

U.S. federal government agencies are being told they should move to TLS 1.2 by the beginning of 2015. The National Institute for Standards and Technology, NIST, recently released NIST Special Publication 800-52 Revision 1, which includes the final public comments made since SP 800-52 was withdraw...

BlackBerry Releases Guidelines to Deter Privacy-Infringing Apps

Aiming to shore up user security BlackBerry this week released a new set of privacy guidelines it’s encouraging third-party app developers to follow to better protect their customers. The guidelines apply to customers’ personally identifiable information PII – the bits of information that apps...

LinkedIn shutting down its security-plagued INTRO app in Early March

Last October, the social network 'LinkedIn' launched a controversial Smartphone app called 'Intro' that intercepts and route all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android, as well as iOS devices. Why...