5460 matches found

The Hacker News
added 2014/05/15 7:44 a.m. | 24 views

Cryptocat offers End-to End Encryption For Facebook Messenger

It’s an era of Mass Surveillance, where Encryption has become more important today for all of us than any other time in the History. But the trouble is that Crypto programs are too hard for Non-Internet-Savvy to implement and use. Time is loudly announcing the need to switch to some alternatives...

AI score: 6.6 | Exploits: 0
Atlassian
added 2014/05/12 1:35 a.m. | 19 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was reported by Nakul Mohan, 11 May - the email is too long to reproduce here. An attacker with the ability to: Inject partial chosen plaintext into a victim's requests Measure the size...

AI score: 1 | Exploits: 0 | Affected Software: 1
ThreatPost
added 2014/04/28 2:21 p.m. | 11 views

AOL Breached, Investigating Spam from Spoofed Accounts

AOL reported today that it has been breached and urges users of its web-based email and other online services to change their passwords. AOL’s investigation of a breach of its internal network and systems is under way with the help of federal authorities and a forensics firm, the company said. La...

AI score: 0.8 | Exploits: 0 | References: 2
0day.today
added 2014/04/24 12:0 a.m. | 127 views

Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset...

CVSS: 5 | AI score: 8 | EPSS: 0.99999 | Exploits: 87
Packet Storm
added 2014/04/24 12:0 a.m. | 272 views

Heartbleed OpenSSL Information Leak Proof Of Concept

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS: 5 | AI score: 8.2 | EPSS: 0.99999 | Exploits: 87
Exploit DB
added 2014/04/24 12:0 a.m. | 848 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.99999 | Exploits: 87
NVD
added 2014/04/17 2:55 p.m. | 24 views

CVE-2014-0085

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text:...

CVSS: 2.1 | AI score: 5.5 | EPSS: 0.00367 | Exploits: 0 | References: 1
UbuntuCve
added 2014/04/17 2:55 p.m. | 38 views

CVE-2014-0085

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text:...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00367 | Exploits: 0 | References: 1
Prion
added 2014/04/17 2:55 p.m. | 16 views

Design/Logic Flaw

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text:...

CVSS: 2.1 | AI score: 6 | EPSS: 0.00367 | Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2014/04/17 2:55 p.m. | 2 views

UBUNTU-CVE-2014-0085

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text:...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00367 | Exploits: 0 | References: 2
CVE
added 2014/04/17 2:0 p.m. | 83 views

CVE-2014-0085

CVE-2014-0085 affects JBoss Fuse where the application’s usage of Apache Zookeeper did not have passwords encrypted by default, enabling sensitive information disclosure via local-access logs. The vulnerability is an information disclosure flaw: a local user who can access the log files could obt...

CVSS: 2.1 | AI score: 4.9 | EPSS: 0.00367 | Exploits: 0 | References: 1 | Affected Software: 2
myhack58
added 2014/04/14 12:0 a.m. | 20 views

WordPress 3.8.2 patch analysis HMAC timing attack-vulnerability warning-the black bar safety net

author: [email protected] 0x00 background On github over and over to see for a long time, the official version of the diff only in php where changes to a location: | 1 2 | - if $hmac != $hash + if hashhmac 'md5', $hmac, $key !== hashhmac 'md5', $hash, $key ---|--- WP developers just...

AI score: 0.8 | Exploits: 0
Hacker One
added 2014/04/10 9:34 p.m. | 19 views

IRCCloud: Unsecure cookies, cookie flag secure not set

Since you are running on a secure connection, https, you should be ensuring that everything runs securely on your client's / visitors case. I have checked the cookie session of IRCCloud and found out that it is not flagged as secure. Whenever a cookie contains sensitive information or is a session...

AI score: 0.6 | Exploits: 0
exploitpack
added 2014/04/10 12:0 a.m. | 110 views

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 1 / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information...

CVSS: 5 | AI score: 8.2 | EPSS: 0.99999 | Exploits: 87
Kitploit
added 2014/04/05 12:19 a.m. | 36 views

Mylar - Platform for building secure web applications

Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server e.g., an attacker, a curious administrator, or a government can obtain all of the data stored there. Mylar protects data confidentiality even when an attacker gets full...

AI score: 7 | Exploits: 0
NVD
added 2014/03/25 8:55 p.m. | 16 views

CVE-2013-5444

The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01667 | Exploits: 1 | References: 2
Cvelist
added 2014/03/25 8:0 p.m. | 23 views

CVE-2013-5444

The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors...

AI score: 6.4 | EPSS: 0.01667 | Exploits: 1 | References: 2
The Hacker News
added 2014/03/14 5:49 a.m. | 13 views

Twitter enables StartTLS for Secure Emails to prevent Snooping

TWITTER is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with TLS Transport Layer Security. Twitter emails were previously using a plain text communication protocol, that now has been upgraded to...

AI score: 6.7 | Exploits: 0
The Hacker News
added 2014/03/06 12:38 a.m. | 11 views

HTTPS can leak your Personal details to Attackers

Explosive revelations of massive surveillance programs conducted by government agencies by the former contractor Edward Snowden triggered new debate about the security and privacy of each individual who is connected somehow to the Internet and after the Snowden’s disclosures they think that by...

AI score: 6.6 | Exploits: 0
Kitploit
added 2014/03/03 1:18 a.m. | 18 views

[VNC Password Recovery v2.0] All-in-one VNC Password Decoder Tool

VNC Password Recovery is the FREE software to instantly recover VNC password stored by popular VNC Servers. It automatically detects the encrypted VNC password stored in the file system or registry by various VNC server applications. Then it quickly decrypts it and display the original VNC...

AI score: 7.3 | Exploits: 0