FreeBSD Bans Intel, Via Chips
FreeBSD, the open-source operating system, announced that it will no longer support Intel’s RdRand and Via Technology’s Padlock on-chip random number generators (RNGs) moving forward in new versions of the UNIX-like operating system. The move apparently follows reports from earlier this year that t...
Bitcoins - Secured by NSA designed Encryption or Backdoored?
It’s been nearly three months since Edward Snowden started telling the world about the National Security Agency’s mass surveillance of global communications. After last week's report that the National Security Agency has leveraged its cooperative relationships with specific industry partners to...
Fedora Update for libtomcrypt FEDORA-2013-14488
Check for the Version of libtomcrypt. OpenVAS Vulnerability Test: Fedora Update for libtomcrypt FEDORA-2013-14488. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it und...
Oracle Linux 5 : kernel (ELSA-2009-1455)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1455 advisory. - Revert: net atalk/irda: memory leak to user in getname Danny Feng 519309 519310 CVE-2009-3001 CVE-2009-3002 - net atalk/irda: memory leak to user in getname...
PHP-Fusion: source code security analysis report
Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Insufficiently...
Fake Windows 8 Key Generators Found Tricking Users
Attackers continue to exploit the buzz behind the launch of Windows 8, Microsoft’s latest operating system. The latest attack attempts to trick users into using fake key generators that claim they’ll install the software to computers free of charge. Key generators, or keygens, are programs that...
PASSTEAL Malware Lurking on File Sharing Sites
Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according to Alvin John Nieto, a threat response engineer at TrendMicro’s TrendLabs. PASSTEAL, as its name suggests, is a piece of...
Passwords are Dead, Long Live Passwords
Passwords as a defensive measure are complete rubbish. There’s no two ways about that. The fact that high-value services such as online banking, corporate email and data storage use simple passwords as the only real security mechanism is a sad commentary on the state of defensive technologies. Bu...
What You Need to Know About the RSA Key Research
It’s always slightly disorienting and confusing when a story about something as esoteric as weak encryption keys produced by poor random number generators makes its way into the real world and begins scaring the citizens. This can lead to confusion and worry about whether everyone’s online bankin...
[SECURITY] Fedora 16 Update: rubygem-railties-3.0.10-1.fc16
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible for gluing all frameworks together. Overall, it: handles all the bootstrapping process for a Rails application; manages the rails command line interface; provides Rails generators core;...
ICMP Timestamp Detection
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This information could...
RSA Hack Yields SecurID Secrets
RSA Security, a division of EMC Corp., has admitted that it was the victim of a sophisticated attack that resulted in the theft of secrets related to its SecurID two-factor authentication product. The disclosure came in a blog post by RSA chief Art Coviello on Thursday. Coviello said that the...
A Look Deep Inside the Scareware Epidemic
Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky has written an in-depth article describing the scareware (fake anti-virus) epidemic. The article touches on the common distribution techniques, the tricks used to scare users into paying fraudsters for a removal tool and the way code generators...
CVE-2008-5986
Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,...
Information disclosure
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards...
CVE-2007-2640
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter...
Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc...
OWASP JBroFuzz 0.3 Fuzzer Released!
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. Apart from fancy terminology, JBroFuzz 0.3 has the following Generators built in and ready to be used: basic cross site scripting checks (XSS), basic S...
CVE-2005-3087
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data...