Lucene search

7622 matches found

Kitploit
added 2012/11/06 10:0 p.m. | 21 views

[GNUnet P2P Framework] v 0.9.4

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. Anonymity is provided by making messages originating from a peer...

AI score: 7.4
Exploits: 0

ThreatPost
added 2012/11/05 5:10 p.m. | 10 views

Mozilla Adding More Stringent HTTPS Enforcement to Firefox

Mozilla is adding an extra layer of security in its Firefox browser by implementing HTTP Strict Transport Security (HSTS), a mechanism that will force some sites into establishing a secure, HTTPS connection with the browser if it's presented with the right certificate. According to an entry on...

AI score: 0.3
Exploits: 0 | References: 9

ThreatPost
added 2012/10/30 2:35 p.m. | 12 views

EFF Raises Questions on Privacy Leaks in Ubuntu

The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu...

AI score: 6.6
Exploits: 0 | References: 4

Metasploit
added 2012/10/19 8:8 p.m. | 18 views

WinRM Authentication Method Detection

This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...

AI score: 0.8
Exploits: 0

Apache Tomcat
added 2012/10/19 12:0 a.m. | 55 views

Fixed in Apache Tomcat 6.0.36

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

CVSS: 5 | AI score: 6.9 | EPSS: 0.2277
Exploits: 4 | Affected Software: 1

Packet Storm
added 2012/10/18 12:0 a.m. | 46 views

Legrand-003598 / Bticino-F454 Credential Disclosure

OVERVIEW Credential leaks lead to complete compromise of home automation system 2. BACKGROUND The 2 devices are identical, and act as an IP gateway between the SCS home automation bus and an IP network. The devices use https for the web-front, and are also open on port 20000 with a semi open...

AI score: 7.4
Exploits: 0

ThreatPost
added 2012/10/09 2:15 p.m. | 13 views

HTTPS Everywhere 3.0 Released

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor...

AI score: 0.3
Exploits: 0 | References: 4

ThreatPost
added 2012/10/03 6:53 p.m. | 7 views

IETF Approves HSTS as Proposed Standard

One of the things that makes attackers dance around their basement lairs is finding unencrypted Web sessions. Sites that don’t give users the option to use HTTPS make life that much easier for attackers trying to hijack users’ Web sessions or eavesdrop on them. The IETF has taken a big step towar...

AI score: 6.7
Exploits: 0 | References: 4

Tenable Nessus
added 2012/09/27 12:0 a.m. | 10 views

Apple Jailbroken Device Detection via HTTPS

Binary data 7063.pasl...

AI score: 7.3
Exploits: 0

RubySec
added 2012/09/25 12:0 a.m. | 20 views

CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.00638
Exploits: 0 | References: 1 | Affected Software: 1

seebug.org
added 2012/09/24 12:0 a.m. | 27 views

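Apple Safari URL Handling Security Restriction Bypass Vulnerability

BUGTRAQ ID: 55626 CVE ID: CVE-2012-3715 Safari is the browser in Mac OS X, Apple's latest operating system, and uses KDE's KHTML as its browser engine. Apple Safari versions before 6.0.1 contain a logic error in the handling of HTTPS URLs in the address bar. If part of the address is edited by pasting text, the request may unexpectedly be sent over HTTP. 0 Apple Safari 6.x Vendor patch: Apple ----- Apple has released a security advisory (APPLE-SA-2012-09-19-3) and corresponding patches for this issue:...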

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.00435
Exploits: 1

securityvulns
added 2012/09/24 12:0 a.m. | 182 views

APPLE-SA-2012-09-19-3 Safari 6.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...

CVSS: 9.3 | AI score: 0.3 | EPSS: 0.04964
Exploits: 2

NVD
added 2012/09/20 9:55 p.m. | 13 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00377
Exploits: 0 | References: 4

NVD
added 2012/09/20 9:55 p.m. | 26 views

CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00435
Exploits: 1 | References: 5

Prion
added 2012/09/20 9:55 p.m. | 13 views

Design/Logic Flaw

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00435
Exploits: 1 | References: 5 | Affected Software: 1

UbuntuCve
added 2012/09/20 9:55 p.m. | 22 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00377
Exploits: 0 | References: 3

OSV
added 2012/09/20 9:55 p.m. | 1 views

UBUNTU-CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00377
Exploits: 0 | References: 4

Prion
added 2012/09/20 9:55 p.m. | 17 views

Code injection

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00377
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2012/09/20 9:0 p.m. | 50 views

CVE-2012-3742

The CVE-2012-3742 issue affects Safari on iOS before 6, where an unspecified Unicode look-alike of the HTTPS lock icon in a page title could mislead users into believing a connection is secure. Root cause: inadequate restriction of look-alike Unicode characters in the TITLE element, enabling spoo...

CVSS: 5 | AI score: 6 | EPSS: 0.00377
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2012/09/20 12:0 a.m. | 33 views

Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.1. It is, therefore, potentially affected by several issues : - A logic error in Safari's handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files, which could lead to t...

CVSS: 9.3 | AI score: 8.2 | EPSS: 0.04964
Exploits: 2 | References: 63