On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

libtpms 安全特征问题漏洞

libtpms is a software emulation of a Trusted Platform module by the individual developer Stefan Berger. A security signature issue vulnerability exists in libtpms versions 0.10.0 and 0.10.1, which stems from improperly returning initialization vectors, which could weaken subsequent encryption and...

Microsoft Windows Code injection vulnerability (DoubleAgent)

Overview We’d like to introduce a new Zero-Day technique for injecting code and maintaining persistency on a machine i.e. auto-run dubbed DoubleAgent. DoubleAgent can exploit: Every Windows version Windows XP to Windows 10 Every Windows architecture x86 and x64 Every Windows user...

Debian: Security Advisory (DSA-3202-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...