DEBIAN-CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140...
HTTPS, SSL Minimal Security, Privacy Standard for Email
Yahoo is being second-guessed more today than a mediocre baseball manager. Two days after announcing it would finally turn SSL on by default for its email users starting in January, the company is getting a halfhearted pat on the back from the security industry, which can’t help but ask: “What to...
PolarSSL: Multiple vulnerabilities
Background: PolarSSL is a cryptographic library for embedded systems. Description: Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact: A remote attacker might be able to cause Denial of Service, conduct a man-in-the middl...
Seized $3.5 Million worth Bitcoins from Silk Road will be deposited in the U.S. Treasury
Ross Ulbricht, the recently arrested mastermind behind Silk Road, appeared in court yesterday where his lawyer begged for more time before the detention hearing. As the Protective Order states, The United States is further authorized to seize any and all Bitcoins contained in wallet files residin...
Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts
Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This is an absolutely massive blow to Adobe, especially its reputation. Adobe, which makes Photoshop and other...
Ubuntu 10.04 LTS : python2.6 vulnerability (USN-1982-1)
Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network...
Ubuntu 12.10 / 13.04 : python3.3 vulnerabilities (USN-1985-1)
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. CVE-2013-2099 Ryan Sleevi discovered that Python did not properly handle...
USN-1985-1: Python 3.3 vulnerabilities
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. CVE-2013-2099 Ryan Sleevi discovered that Python did not properly handle...
VPN provider 'Proxy.sh' sniffed the traffic of US based server to Catch Hackers
The very first question we always try to figure out before choosing a trusted VPN service: Can't a VPN provider just look at my traffic all they want and see what I'm doing? Well, a reputable VPN provider today answered the question and admitted that it sniffed the traffic on one of its United...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : pyopenssl vulnerability (USN-1965-1)
It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Securit...
Ubuntu: Security Advisory (USN-1965-1)
The remote host is missing an update for the...
USN-1965-1: pyOpenSSL vulnerability
It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities
According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities: - Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memor...
Null pointer dereference
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pwencrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is...
Tor Anonymizing network overload caused by Mevade Botnet
Recently, Tor Project Director Roger Dingledine described a sudden increase in Tor users on the Tor Network after the events related to disclosure of the PRISM surveillance program. Since August 19, 2013, there has been an impressive growth in the number of Tor users. At first, no one knew who ...
Threat Outbreak Alert: Fake Encrypted Message Notification Email Messages on September 6, 2013
Medium Alert ID: 30678 First Published: 2013 September 6 19:49 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an encrypted message for the recipient. The text in the email message attempts to convince the recipient to...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerability (USN-1937-1)
It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has...
Firefox Extension HTTP Nowhere Allows Users to Surf in Encrypted-Only Mode
It’s no secret that the Web wasn’t really meant to be a secure platform, for communications or commerce or anything else. But it’s used for all of these functions every day, and for the most part they depend upon the sites they deal with using SSL and doing so correctly. That’s not always a sure...
[Network Password Decryptor v6.0] Windows Network Password Recovery Tool
Network Password Decryptor is a free tool to instantly recover network authentication passwords. In addition to the network authentication passwords, it can also recover passwords stored by other Windows apps such as Outlook, Windows Live Messenger, Remote Desktop, etc. These network passwords...