CentOS 7 : virt-who (CESA-2015:0430)

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

virt security update

CentOS Errata and Security Advisory CESA-2015:0430 An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

[USN-2524-1] eCryptfs vulnerability

========================================================================== Ubuntu Security Notice USN-2524-1 March 11, 2015 ecryptfs-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

USN-2524-1 ecryptfs-utils vulnerability

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files...

Ubuntu 14.04 LTS : eCryptfs vulnerability (USN-2524-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2524-1 advisory. Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this...

OTR.to — Secure 'Off-the-Record' p2p Encrypted Messaging Service

In this post-Snowden era of mass surveillance, being out-of-reach from the spying eyes really doesn't mean they can not get you. So, if you are concerned about your data privacy and are actually searching for a peer-to-peer encrypted messaging service, then it’s time to get one. "Otr.to" — an...

TextSecure to Drop Support for Encrypted SMS

Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security an...

[SECURITY] Fedora 22 Update: duplicity-0.6.25-3.fc22

Duplicity incrementally backs up files and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...

IBM Notes Traveler Companion application information disclosure vulnerability

IBM Notes Traveler is an email product powerfully built for Lotus Notes mobile users. An information disclosure vulnerability exists in the IBM Notes Traveler Companion application, which allows attackers to exploit this vulnerability by conducting phishing attacks involving encrypted email to...

Moderate: Red Hat Security Advisory: virt-who security, bug fix, and enhancement update

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

RHEL 7 : virt-who (RHSA-2015:0430)

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

Signal 2.0 — Free iPhone App for Encrypted Calls and Texts

An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...

CVE-2014-8921

The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials b...

Tails 1.3 Released, Introduces 'Electrum Bitcoin Wallet'

A new Tails 1.3 has been released with support to a secure Bitcoin wallet. Tails, also known as the 'Amnesic Incognito Live System', is a free security-focused Debian-based Linux distribution, specially designed and optimized to preserve users' anonymity and privacy. Tails operating system came t...

Optimizing encrypted video

Security Optimizing encrypted video Share February 25th, 2015 You might have seen our press release that Opera’s Rocket Optimizer can now optimize encrypted video streams. The attentive reader will already have halted and said, “wait, what?”. In this blog post, we’ll explain how this works. Rocke...

NSA Could Be Hoping For Clipper Chip Redux

The NSA has a new director, a slew of new challenges and any number of new capabilities at its disposal. But it seems that the agency is intent on fighting the same old battles. Even as fresh revelations about the extent of the NSA’s efforts to get access to encryption keys for mobile...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

Lenovo Superfish Certificate Password Cracked

Lenovo laptop owners are at risk for man-in-the-middle attacks as a vulnerability disclosed in pre-installed Superfish adware went nuclear this morning. Researcher Rob Graham of Errata Security published a report in which he said he cracked the password protecting the digital certificate shipped...

MegaNet — New Decentralized, Non-IP Based and Encrypted Network

The Famous Internet entrepreneur and former hacker Kim Dotcom, who introduced legendary Megaupload and MEGA file sharing services to the World, has came up with another crazy idea — To start his very own Internet that uses the "blockchain". Just last month, Kim Dotcom, a German millionaire former...

HP Data Protector Windows Unauthenticated Remote Code Execution

Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...