Yahoo Encrypts Data Center Communication Links

Yahoo certainly has taken its share of knocks during the past nine months of surveillance revelations and Snowden leaks for its encryption shortcomings. But the bruises are healing and the company is slowly working its way back into good graces. After months of being an encryption laggard, Yahoo...

YAHOO! Now Encrypts Everything; Encrypted Yahoo Messenger Coming Soon

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automaticall...

Updated curl packages fix multiple vulnerabilities

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015. libcu...

Fedora Update for mingw-libpng FEDORA-2014-4564

Check for the Version of mingw-libpng OpenVAS Vulnerability Test Fedora Update for mingw-libpng FEDORA-2014-4564 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

PayPal for Android SSL证书校验安全漏洞

CVE ID:CVE-2013-7201 PayPal for Android是一款用于安卓的paypal支付应用。 PayPal for Android WebHybridClient类不正确校验服务器SSL证书，允许攻击者利用漏洞伪造HTTPS链接，进行中间人等攻击。 0 PayPal for Android 5.3 目前没有详细解决方案提供： https://play.google.com/store/apps/details?id=com.paypal.android.p2pmobile&hl=en...

CVE-2014-2258

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets, a different vulnerability than CVE-2014-2259...

Design/Logic Flaw

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets, a different vulnerability than CVE-2014-2259...

CVE-2014-2258

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets, a different vulnerability than CVE-2014-2259...

cURL/libcURL SSL证书验证安全限制绕过漏洞

BUGTRAQ ID: 66296 CVE ID: CVE-2014-2522 cURL是命令行传输文件工具，支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 cURL/libcURL在服务器证书的验证上存在安全漏洞，成功利用后可导致中间人攻击或服务器欺骗。 0 cURL 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://curl.haxx.se/...

Back off, NSA! Gmail now Encrypts every single Email

2014 - The Year for Encryption! Good News for Security & Privacy seekers, Gmail is now more secure than ever before. Google has announced that it has enhanced encryption for its Gmail email service to protect users from government cyber-spying; by removing the option to turn off HTTPS. So from...

Google Encrypts All Gmail Connections

Perhaps no company has been as vocal with its feelings about the revelations about the NSA’s collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users’ sessions. The...

Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)

New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.22/ - Security Fixes : - An XSS vulnerability was found in the Search field's auto-complete. - New Features : - Added support for anonymous access to public Local Sites. - Added support for...

CVE-2014-2259

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets...

Code injection

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets...

CVE-2014-2259

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTPS packets...

CVE-2014-2259

Siemens SIMATIC S7-1500 CPU PLCs were affected by CVE-2014-2259: devices running firmware before 1.5.0 could be forced into defect mode (DoS) by specially crafted HTTPS packets. The issue stems from the web/server handling in the CPU firmware, enabling remote DoS without authentication. Siemens r...

Squid SSL-Bump HTTPS请求处理拒绝服务漏洞

CVE ID:CVE-2014-0128 Squid Cache简称为Squid是一个流行的代理服务器和Web缓存服务器软件。 Squid SSL-Bump中相关状态管理处理存在错误，允许攻击者提交特制的HTTP请求触发断言错误，造成拒绝服务攻击。 0 Squid 3.x 厂商补丁： Squid ----- Squid 3.3.12或3.4.4已经修复该漏洞，建议用户下载更新： http://www.squid-cache.org...

Fedora Update for kernel FEDORA-2014-3448

Check for the Version of kernel OpenVAS Vulnerability Test Fedora Update for kernel FEDORA-2014-3448 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Command Shell, Android Reverse HTTPS Stager

Spawn a piped command shell sh. Tunnel communication over HTTPS This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Stager include Msf::Payload::Android...

Android Meterpreter, Android Reverse HTTPS Stager

Run a meterpreter server in Android. Tunnel communication over HTTPS This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Stager include...