314 matches found
Gogo In-flight Internet issues Fake SSL Certificates to its own Customers
Gogo — one of the largest providers of in-flight Internet service — has been caught issuing fake SSL certificates, allowing the in-flight broadband provider to launch man-in-the-middle (MITM) attacks on its own users, view passwords and other sensitive information. The news came to light when securi...
Global mobile security vulnerabilities "for the benefit of the" hack - vulnerability warning - the black bar safety net
German researchers said that security vulnerabilities in a system used by mobile phone operators worldwide could allow hackers to monitor mobile phone users' traffic on a large scale. This security issue relates to the standard system Signaling System 7, or SS7. The system is...
Google Document Embedder 2.5.16 SQL Injection
Exploit Title : Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection Date : 2014-12-03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...
Internet Voting Hack Alters PDF Ballots in Transmission
Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to...
CVE-2014-7587
The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
People are ready to do "anything" for free WiFi
Specialists from F-Secure, the British institute for information security and the German company SySS conducted a joint study of how willing ordinary users are to connect to a free hotspot, even if the connection poses a potential danger. To test this,...
Snoopy - A distributed tracking and data interception framework
Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...
OpenSSL re-aeration of the CCS injection vulnerability - vulnerability warning - the black bar safety net
Too much drama last night to see a good piece has about, also good, 2012 edition of the perfect memories on, like me such people still choose to use the TV or go to the cinema to see the movie, in the middle of no commercials, experience holding back process, always suddenly have a lot of idea...
Apple Fixes Serious SSL Issue in OSX and iOS
Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have...
Snoopy Drone Can Hack Your Smartphones
The use of unmanned aerial vehicles (UAVs) called drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, delivering pizzas, then equipped with bombs that changed the way nations conduct war, and now these hovering drones are ready to hack your smartphones...
Windows Error Reporting Used to Find Advanced Exploits
Windows Error Reporting, also known as Dr. Watson reports, are Windows crash reports sent by default unencrypted to Microsoft, which uses them to fix bugs. The reports are rich with system data that Microsoft also uses to enhance user interaction with its products. Since, however, they are sent i...
LinkedIn Intro Service to Shut Down March 7
LinkedIn announced on Friday it was shuttering its four-month-old Intro service which stirred up a privacy meltdown shortly after its release in October. Intro was an integrated service for iOS which sat as a proxy between the built-in iOS mail client and the user’s email provider. Intro would...
'LinkedIn Intro' iOS app can read your emails in iPhone
Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for iOS devices called Intro ('LinkedIn Intro'). With this feature an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn...
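Apple Mac OS X 'IPSec Hybrid Auth' Server Certificate Security Bypass Vulnerability (CVE-2013-1028)
BUGTRAQ ID: 62371 CVE(CAN) ID: CVE-2013-1028 Apple Mac OS X is the operating system software for Apple computers. Mac OS X 10.8 - 10.8.4 contains a security vulnerability that allows an attacker to intercept data protected by IPSec Hybrid Auth. The DNS name of the IPSec Hybrid Auth server is not matched against the certificate, so an attacker holding any server certificate can exploit this vulnerability to impersonate other servers. 0 Apple Mac OS X 10.8 - 10.8.4 Apple Mac OS X Vendor patch: Apple ----- Apple has released a security advisory (HT5880) and corresponding patches for this:...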
Researchers Reverse Engineer Dropbox
Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...
STOP using Facebook and Google if you fear US spying
Edward Snowden, a former NSA systems analyst, has revealed the NSA's sweeping data collection of U.S. phone records and some Internet traffic, and the programs target foreigners and terrorist suspects mostly overseas. According to the Constitution of all countries, capturing and reading emails or...
Italian team discovers flaw in Ruzzle protocol, serious menace to privacy
We are in the digital era: everything is connected to large networks, and applications benefit from ever more complex devices that interact deeply with their owners. In this scenario security requirements assume crucial importance, and the security of the overall architecture also depends on the security of single...
Deep Packet Inspection Firm Cyberoam Issues Fix Following Private Key Leak
Network security firm Cyberoam issued an over-the-air update for all of its Deep Packet Inspection (DPI) devices today after a decrypted version of the company’s universal private key was leaked online over the weekend. The New Jersey-based company pushed the hotfix after an anonymous commenter...
Yahoo Mail - Cross Site Scripting & Webfilter Bypass
Document Title: Yahoo Mail - Cross Site Scripting & Webfilter Bypass. Release Date: 2011-06-29. Vulnerability Laboratory ID (VL-ID): 130. Product & Service Introduction: Enjoy tons of features and fun wa...
DSA-2169-1 telepathy-gabble - missing input validation
Bulletin has no description...