CVE-2011-3427

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate...

Data Encryption, 3.1/3GS

Apple’s decision to add data encryption with the iPhone 3GS was a nod to enterprise customers who wanted to offer iPhones to their employees, but were wary of the lack of security features compared with competing platforms like RIM’s Blackberry. Still, when they finally got around to it – with th...

Erase Data/Selective Data Wipe

While the iPhone was developed, primarily, as a consumer device, it quickly became apparent to Apple that its appeal wasn’t limited to personal use. Workers everywhere were bringing their shiny new iPhones to work and using them to connect to corporate wifi networks and check their work e-mail. T...

4.9 Million Affected in Military Healthcare Breach

Military health service providers, TRICARE and Science Applications International Corporation SAIC report a data breach of involving the personal information of an estimated 4.9 million military clinic and hospital patients. The lost data was stored on back-up tapes that contained patient health...

TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation

Trustwave's SpiderLabs Security Advisory TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt Published: 2011-09-23 Version: 1.0 Vendor: Pantech http://www.pantechusa.com Product: Link P7040P, others may be vulnerab...

Apple iOS < 7.0 Multiple Vulnerabilities

Binary data 8013.prm...

Cloud Security Needs Continuous Monitoring to Reassure Enterprises, Panel Says

SAN FRANCISCO–A panel of cloud providers and enterprise security professionals said that in order to make enterprise security teams feel more comfortable giving up their data, cloud providers need to be more transparent and open about the security measures and processes they have in place to...

FreeBSD : nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl (aa5bc971-d635-11e0-b3cf-080027ef73ec)

Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle MITM attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...

Design/Logic Flaw

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVE-2011-0228

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVE-2011-0228

Affected software: Apple iOS prior to 4.2.10 and 4.3.x prior to 4.3.5. Vulnerability: The Data Security component does not check the basicConstraints parameter when validating X.509 certificate chains, allowing a non-CA certificate to sign a certificate for any domain. This enables a man-in-the-m...

EUVD-2011-0254

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

Automated HTTPS Vulnerability Testing by Qualys SSL Labs

Automated HTTPS Vulnerability Testing by Qualys SSL Labs One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users...

New Guidelines Address PCI DSS Tokenization

"Tokenization" is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and,...

California Approves Data Security Rules for Smart Meters

The state of California has approved new rules to protect the data stored on so-called “smart meters,” in an effort to protect customer consumption data as household utilities are wired and connected to an IP-enabled “smart grid.” The California Public Utilities Commission CPUC, which regulates...

Rep. Bono Mack Requests More Data on Operation Shady RAT

Rep. Mary Bono Mack, chair of the influential House committee that oversees information security, is asking for more information about the Shady RAT attacks that McAfee publicized last week, saying that the “details of the report are alarming at the least,” and asking that researchers brief membe...

German Hacker Cracks GSM Call Encryption Code

German Hacker Cracks GSM Call Encryption Code A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards. Karsten Nohl and his team of 24...

Chi youdao professional travel system v1. 0 vulnerability-vulnerability warning-the black bar safety net

Default information: “Chi youdao”professional travel site system is wise to have team professional development, for the current tourism platform for powerful features developers! Back office management Background path: admin/login. asp Administrator: user:admin Password: psw:1 2 3 4 5 6 下载 地址...

APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone iOS 4.2.10 Software Update for iPhone is now available and addresses the following: Data Security Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 CDMA Impact: An attacker with a privilege...

APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update iOS 4.3.5 Software Update is now available and addresses the following: Data Security Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 GSM, iOS 3.1 through 4.3.4 for iPod touch 3rd...