Audit Finds Gaping Holes in NASA Security

The U.S. Government Accountability Office GAO has painted a bleak picture of the NASA’s IT security posture. An audit of the space agency’s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the...

Visa Announces New Data Encryption Practices

Visa has announced new global best practices for data field encryption, also known as end-to-end encryption – a much-discussed solution in the wake of the Heartland Payment Systems breach. Announced by the global credit card company on Monday, these best practices are designed to further the...

Researchers Show Break in Secure Data Storage System

A team of computer scientists from several universities has devised an attack that is capable of reconstructing the so-called vanishing data objects created by a system called Vanish, which was designed to create secure data objects that would expire after a set time and could never be recreated...

Apple Needs to Get Serious About iPhone Security

By Andrew Storms Two years ago I took some hard hits from my peers for calling the iPhone “a security nightmare.” Two years later, I can’t find a single person who doesn’t agree that the iPhone is the number one mobile target of security researchers.Fast forward to today: Is the iPhone still a...

iPhone security comes to the fore

By Paul F. Roberts, The 451 Group The security of smartphones such as the iPhone, Windows Mobile devices and the T-Mobile G1 has come under a lot of scrutiny lately. Each device has its own unique security model, and in the case of the iPhone, Apple has kept its platform closed to third-party...

The times-the level of WEP crack full power slightly-vulnerability warning-the black bar safety net

With the rapid development of network technology and network applications, more and more, many users began to focus on network security. Believe the wired network to the wireless network in terms of security there is inherent, since the communication medium is a wireless signal, so the intruder c...

The times-the level of WEP crack full power slightly-vulnerability warning-the black bar safety net

With the rapid development of network technology and network applications, more and more, many users began to focus on network security. Believe the wired network to the wireless network in terms of security there is inherent, since the communication medium is a wireless signal, so the intruder c...

Sniffpass easily monitor the LAN password-vulnerability warning-the black bar safety net

Local area network because of its specificity, caused by the data is easy to be sniffing. Of course, most of the administrators have not implemented stream encryption to work, the plaintext password in the LAN can“see light die”. sniffpass is such a sniffing tool. Run the program after clicking...

CVE-2003-1392

CryptoBuddy 1.0 and 1.2 are affected by a cryptographic weakness: the application does not use the user-supplied passphrase to encrypt data, potentially allowing local users to decrypt data with their own passphrase. The underlying cause is improper use of the passphrase in encryption, leading to...

CVE-2007-4751

CVE-2007-4751 affects RemoteDocs R-Viewer prior to 1.6.3768. The vulnerability arises from storing encrypted RDZ data in unencrypted temporary files, enabling local users to read sensitive information from leftover copies. The associated Symantec advisory also indicates a design flaw that can all...

Encryption Private Key Detection (Generic)

Binary data 3774.prm...

Multiple vulnerabilities in TK8 Safe v.3.0.5

Multiple vulnerabilities in TK8 Safe v.3.0.5 July 3, 2006 ---- Summary: TK8 Safe www.tk8.com is a password management application, which stores authentication details and other sensitive data in encrypted local folders. A number of issues have been discovered in version 3.0.5 of the application...

To shadowless go without a trace anonymous breakthrough network limit-vulnerability warning-the black bar safety net

Network management as the name suggests, is every pipe of the network, and tried various means to restrict our Internet access people. In the network established all sorts of rules, don't download, don't use IM, not allowed to access the restricted site, etc., so we can't enjoy the Internet bring...

CVE-2006-1538

The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus...

gnupg security update

CentOS Errata and Security Advisory CESA-2006:0266 An updated GnuPG package that fixes signature verification flaws as well as minor bugs is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data...

WebEOC uses a global shared key

Overview WebEOC installations may use the a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...

RHEL 2.1 : gnupg (RHSA-2003:176)

Updated gnupg packages are now available which correct a bug in the GnuPG key validation functions. The GNU Privacy Guard GnuPG is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2...

Moderate: Red Hat Security Advisory: gnupg security update

Updated gnupg packages are now available which correct a bug in the GnuPG key validation functions. The GNU Privacy Guard GnuPG is a utility for encrypting data and creating digital signatures. When evaluating trust values for the UIDs assigned to a given key, GnuPG versions earlier than 1.2.2...

Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities Revision 1.0 For Public Release 2002 September 03 at 1500 UTC ---------------------------------------------------------------------- Contents Summary Affected Products Detai...

shockwave.7.txt

Date: Thu, 11 Mar 1999 13:53:41 -0400 From: Sean Coates To: [email protected] Subject: Fwd: Shockwave 7 Security Hole I just got this off a Lingo programming list Macromedia Director 7 scripting. Thought the Bugtraq community might appreciate it. -Sean Coates [email protected] Date: Thu, 11...