
5429 matches found

ThreatPost
added 2017/02/17 10:0 a.m., 9 views

SMTP STS Coming Soon to Gmail, Other Webmail Providers

Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...

7.3 AI score
Exploits: 0, References: 1
The Hacker News
added 2017/02/14 8:17 p.m., 6 views

Signal Messaging App Rolls Out Encrypted Video Calling

WhatsApp and Facebook have so far the largest end-to-end encrypted video calling network of all, but now another popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden is ready to give them a really tough competition. The Signal app, which is widely considered the...

6.5 AI score
Exploits: 0
Ubuntu
added 2017/02/09 5:44 a.m., 95 views

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6 CVSS, 7.4 AI score, 0.7287 EPSS
Exploits: 13
OSV
added 2017/02/08 10:59 p.m., 2 views

CVE-2016-5918

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed...

4.7 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 2
The Hacker News
added 2017/02/06 5:3 p.m., 14 views

Polish Banks Hacked using Malware Planted on their own Government Site

In what is considered to be the largest system hack in the country's history and a massive attack on the financial sector, several banks in Poland have been infected with malware. What's surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervisio...

7.2 AI score
Exploits: 0
OSV
added 2017/01/31 10:59 p.m., 21 views

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

5.9 CVSS, 6.5 AI score
Exploits: 0, References: 10
Prion
added 2017/01/31 10:59 p.m., 22 views

Design/Logic Flaw

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

4.3 CVSS, 6.7 AI score, 0.05509 EPSS
Exploits: 0, References: 10, Affected Software: 1
NVD
added 2017/01/31 10:59 p.m., 24 views

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

5.9 CVSS, 5.5 AI score, 0.05509 EPSS
Exploits: 0, References: 10
Debian CVE
added 2017/01/31 10:0 p.m., 64 views

CVE-2016-6329

Removed by vendor...

5.9 CVSS, 6.2 AI score, 0.05509 EPSS
Exploits: 0
The Hacker News
added 2017/01/31 12:26 a.m., 12 views

Facebook Unveils 'Delegated Recovery' to Replace Traditional Password Recovery Methods

How do you reset the password for your Facebook account if your primary email account also gets hacked? Using SMS-based security code or maybe answering the security questions? Well, it's 2017, and we are still forced to depend on insecure and unreliable password reset schemes like email-based or...

6.7 AI score
Exploits: 0
UbuntuCve
added 2017/01/31 12:0 a.m., 39 views

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

5.9 CVSS, 6.6 AI score, 0.05509 EPSS
Exploits: 0, References: 4
OSV
added 2017/01/23 7:59 a.m., 1 views

CVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...

8.1 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits: 0, References: 2
Prion
added 2017/01/23 7:59 a.m., 8 views

Information disclosure

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

4.3 CVSS, 7.1 AI score, 0.00295 EPSS
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2017/01/23 7:59 a.m., 7 views

Information disclosure

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

4.3 CVSS, 6.9 AI score, 0.0027 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2017/01/23 7:59 a.m., 13 views

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

8.1 CVSS, 8 AI score, 0.00295 EPSS
Exploits: 0, References: 2
OSV
added 2017/01/23 7:59 a.m., 1 views

CVE-2016-10104

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

5.9 CVSS, 5.7 AI score, 0.0027 EPSS
Exploits: 0, References: 2
Cvelist
added 2017/01/23 6:49 a.m., 13 views

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

8 AI score, 0.00295 EPSS
Exploits: 0, References: 2
CVE
added 2017/01/23 6:49 a.m., 35 views

CVE-2016-10101

CVE-2016-10101 affects Hitek Software Automize (10.x/11.x) via the passManager.jsd module. The vulnerability stems from information disclosure: attackers with Read access can recover the encrypted password to access the Password Manager. Documentation notes the impact as information disclosure an...

8.1 CVSS, 7.8 AI score, 0.00295 EPSS
Exploits: 0, References: 2, Affected Software: 1
Lenovo
added 2017/01/23 12:0 a.m., 67 views

Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center

Lenovo Security Advisory: LEN-2015-074, LEN-2746 Potential Impact: Escalation of Privileges Severity: High Summary: Multiple vulnerabilities have been identified in the following products: - IBM System Networking Switch Center - Lenovo Switch Center Description: Lenovo Switch Center, previously...

7.2 CVSS, 6.7 AI score, 0.00225 EPSS
Exploits: 0
Kitploit
added 2017/01/21 2:7 p.m., 660 views

chisel - A fast TCP tunnel over HTTP

Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go (Golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...

7.5 AI score
Exploits: 0, References: 5