54 matches found
OpenSSL latest high-risk vulnerability, CVE-2015-1793 patch released - vulnerability warning - the black bar safety net
Researchers Adam Langley/David Benjamin (Google/BoringSSL) recently found a new critical OpenSSL security vulnerability. The vulnerability, numbered CVE-2015-1793, is that the certificate validation logic is not able to properly validate new and untrusted certificates. An...
MariaDB --ssl client option SSL/TLS session enforcement vulnerability
MariaDB is a backward-compatible alternative database server to MySQL. It contains all major open source storage engines. MariaDB fails to properly enforce SSL/TLS links when using the --ssl client option, allowing remote attackers to exploit the vulnerability and conduct man-in-the-middle attack...
PCI DSS version 3.1 released!
As expected, a "minor" revision to the PCI DSS 3.0 standard, now version 3.1, was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data...
TWiki View Script debugenableplugins Request Parameter Vulnerability
Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...
WhatsApp Messenger Adds End-to-End Encryption by Default
Good news for all Privacy Lovers!! Finally the wildly popular messaging app WhatsApp has made end-to-end encryption a default feature, stepping a way forward for the online privacy of its users around the world. WhatsApp, most popular messaging app with 600 Million users as of October 2014, has...
Exploit for Inadequate Encryption Strength in Openssl
OpenSSL CCS Inject Test: This script is...
New IETF Group to Tackle TLS Implementation in Applications
The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
Fixes in the Works For SSL Attack, But Support Lacking for Newer Versions of Protocol
With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious...
CVE-2001-0160
CVE-2001-0160 involves Lucent/ORiNOCO WaveLAN wireless cards where the Initialization Vector (IV) values used by WEP are predictable. This weakens the confidentiality of WEP-protected traffic because a remote attacker can build information to decrypt messages. The underlying issue is compromised ...
CVE-2001-0160
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP), which allows remote attackers to quickly compile information that will let them decrypt messages...