
5462 matches found

Schneier on Security
added 2017/06/29 5:40 p.m., 35 views

The Women of Bletchley Park

Really good article about the women who worked at Bletchley Park during World War II, breaking German Enigma-encrypted messages...

7.1 AI score
Exploits: 0
Exploit DB
added 2017/06/15 12:00 a.m., 36 views

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes). Shellcode exploit for Linux x86 platform ;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...

0.3 AI score
Exploits: 0
0day.today
added 2017/06/15 12:00 a.m., 27 views

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: email protected ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode, first set uid and gid to zero then call shell using execve. Also, /bin/sh defined as a XOR...

7.1 AI score
Exploits: 0
Mageia
added 2017/06/10 7:01 a.m., 27 views

Updated gajim packages fix security vulnerability

Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions (CVE-2016-10376)...

4.5 CVSS, 3.7 AI score, 0.01153 EPSS
Exploits: 0, References: 2
OSV
added 2017/06/10 7:01 a.m., 5 views

MGASA-2017-0166 Updated gajim packages fix security vulnerability

Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions (CVE-2016-10376)...

4.5 CVSS, 4.7 AI score, 0.01153 EPSS
Exploits: 0, References: 3
OSV
added 2017/06/08 9:29 p.m., 6 views

CVE-2017-1319

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. IBM X-Force ID: 125731...

7.5 CVSS, 5.8 AI score, 0.01009 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2017/06/07 5:54 p.m., 6 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

7.5 CVSS, 7.2 AI score, 0.49024 EPSS
Exploits: 4, References: 6
ThreatPost
added 2017/06/01 12:29 p.m., 15 views

OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data

A breach at OneLogin, a company that provides customers with a single sign on for logging into multiple sites and apps, appears to have compromised customer data, including the ability to decrypt encrypted data. The company notified customers via email Wednesday that the incident stemmed from...

1 AI score
Exploits: 0, References: 2
The Hacker News
added 2017/06/01 8:57 a.m., 20 views

OneLogin Password Manager Hacked; Users’ Data Can be Decrypted

Do you use OneLogin password manager? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it h...

6.5 AI score
Exploits: 0
CNVD
added 2017/06/01 12:00 a.m., 6 views

Gajim has an unspecified vulnerability

Gajim is a suite of free instant messaging software based on the Jabber communication protocol developed by the Gajim project. The software is written in the GTK+ suite and supports paged chat windows, group discussions, emoticon patterns and more. A security vulnerability exists in Gajim 0.16.7...

4.5 CVSS, 6.8 AI score, 0.01153 EPSS
Exploits: 0, References: 1
OSV
added 2017/05/28 12:29 a.m., 2 views

DEBIAN-CVE-2016-10376

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...

4.5 CVSS, 4.7 AI score, 0.01153 EPSS
Exploits: 0, References: 1
Prion
added 2017/05/28 12:29 a.m., 13 views

Code injection

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...

3.5 CVSS, 7 AI score, 0.01153 EPSS
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2017/05/28 12:00 a.m., 27 views

CVE-2016-10376

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...

4.6 AI score, 0.01153 EPSS
Exploits: 0, References: 6
NVD
added 2017/05/21 9:29 p.m., 12 views

CVE-2017-9136

An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...

7.8 CVSS, 7.5 AI score, 0.00819 EPSS
Exploits: 0, References: 1
CNVD
added 2017/05/19 12:00 a.m., 2 views

CA Client Automation Local Information Disclosure Vulnerability

CA Client Automation is a suite of automation and remote client management tools from CA, Inc. The OS Installation Management component is the operating system installation management component. A security vulnerability exists in the OS Installation Management component of CA Client Automation version...

5.5 CVSS, 6.7 AI score, 0.00296 EPSS
Exploits: 0, References: 1
Citrix
added 2017/05/16 12:00 a.m., 7 views

QuickBooks Recipe

QuickBooks is an application that licenses and registers to the volume serial number of the local hard disk. When the license is created an encrypted file is stored that can only be unencrypted if the volume serial number matches the system it was installed on. When Unidesk creates a new desktop,...

6.6 AI score
Exploits: 0
seebug.org
added 2017/05/12 12:00 a.m., 43 views

Google Nexus Synaptics Touchscreen Firmware Injection(CVE-2017-0433)

Products: Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL. Vulnerable Versions: Verified on Nexus 9 6.0.1/MOB30W; verified on Nexus 9 7.0/NRD90M. Technical Details: Due to lenient SELinux and DAC policy, vulnerable Synaptics DSX touchscreen driver sysfs file entries are exposed to an attacker that executes...

7.6 CVSS, 7.1 AI score, 0.0101 EPSS
Exploits: 1
seebug.org
added 2017/05/12 12:00 a.m., 34 views

Cordova-Android MiTM Remote Code Execution(CVE-2017-3160)

Product: Apache Cordova. Vulnerable Version: 6.1.1 and below. Technical Details: When adding an Android project for the first time (‘cordova platform add Android’), Cordova requires Gradle build tool to be installed in the local development environment. If the developer had not pre-installed Gradle, the...

7.7 AI score, 0.03825 EPSS
Exploits: 1
The Hacker News
added 2017/05/10 10:16 p.m., 11 views

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), a dedicated team within the Dutch National Police Agency, aims to investigat...

6.6 AI score
Exploits: 0
RedHat Linux
added 2017/05/09 4:41 p.m., 4 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

7.5 CVSS, 6.8 AI score, 0.95707 EPSS
Exploits: 7, References: 7