7671 matches found

securityvulns
added 2012/09/24 12:0 a.m., 183 views

APPLE-SA-2012-09-19-3 Safari 6.0.1

Safari 6.0.1 is now available and addresses the following: Safari. Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1. Impact: Opening a maliciously crafted downloaded HTML...

CVSS 9.3, AI score 0.3, EPSS 0.04129
Exploits 2

NVD
added 2012/09/20 9:55 p.m., 19 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS 5, AI score 5.8, EPSS 0.01917
Exploits 0, References 4

NVD
added 2012/09/20 9:55 p.m., 36 views

CVE-2012-3715

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network...

CVSS 4.3, AI score 5.4, EPSS 0.0173
Exploits 1, References 5

UbuntuCve
added 2012/09/20 9:55 p.m., 23 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS 5, AI score 5.9, EPSS 0.01917
Exploits 0, References 3

Prion
added 2012/09/20 9:55 p.m., 13 views

Design/Logic Flaw

Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network...

CVSS 4.3, AI score 5.9, EPSS 0.0173
Exploits 1, References 5, Affected Software 1

Prion
added 2012/09/20 9:55 p.m., 18 views

Code injection

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS 5, AI score 6.3, EPSS 0.01917
Exploits 0, References 4, Affected Software 1

OSV
added 2012/09/20 9:55 p.m., 1 views

UBUNTU-CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page...

CVSS 5, AI score 5.8, EPSS 0.01917
Exploits 0, References 4

CVE
added 2012/09/20 9:0 p.m., 52 views

CVE-2012-3742

The CVE-2012-3742 issue affects Safari on iOS before 6, where an unspecified Unicode look-alike of the HTTPS lock icon in a page title could mislead users into believing a connection is secure. Root cause: inadequate restriction of look-alike Unicode characters in the TITLE element, enabling spoo...

CVSS 5, AI score 6, EPSS 0.01917
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2012/09/20 12:0 a.m., 39 views

Safari < 6.0.1 Multiple Vulnerabilities

Binary data 6582.prm...

CVSS 9.3, AI score 9.8, EPSS 0.04129
Exploits 2, References 61

Tenable Nessus
added 2012/09/20 12:0 a.m., 33 views

Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.1. It is, therefore, potentially affected by several issues : - A logic error in Safari's handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files, which could lead to t...

CVSS 9.3, AI score 8.2, EPSS 0.04129
Exploits 2, References 63

myhack58
added 2012/09/17 12:0 a.m., 11 views

Principles and technical details of CRIME, the latest attack on SSL - vulnerability warning - the black bar safety net

Author: Pnig0s decoding FreeBuf. We may have paid attention to an earlier attack technique against SSL, called BEAST. The two people who found BEAST, Juliano Rizzo and Thai Duong, have discovered another new attack technique against HTTPS, similar to the earlier one, called "CRIME". BEAST to from SSL/TLS encrypted...

AI score 6.7
Exploits 0

ThreatPost
added 2012/09/13 1:56 a.m., 20 views

Demo of the CRIME TLS Attack

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies. The attack works against bot...

AI score 2.8
Exploits 0, References 1

rdot
added 2012/09/13 12:0 a.m., 18 views

Mail.Ru Mail has started using HTTPS encryption by default for all users.

Original: http://www.anti-malware.ru/news/2012-09-13/10010 Date added: 13.09.12 HTTPS support already existed in Mail.Ru Mail, where the option could be selected in the settings; now Mail.Ru enables traffic encryption by default, so protection is always on by default. In Mail.Ru Mail...

AI score 7.3
Exploits 0

Tenable Nessus
added 2012/09/12 12:0 a.m., 10 views

Microsoft OneDrive Detection via HTTPS

Binary data 6572.prm...

AI score 7.3
Exploits 0, References 1

OpenVAS
added 2012/09/10 12:0 a.m., 9 views

Slackware: Security Advisory (SSA:2011-086-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 3

OpenVAS
added 2012/09/10 12:0 a.m., 8 views

Slackware: Security Advisory (SSA:2011-086-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 3

Tenable Nessus
added 2012/09/10 12:0 a.m., 15 views

Novell File Reporter Agent VOL Tag Remote Code Execution (uncredentialed check)

Binary data novellfilereporteragentzdi-12-167.nbin...

AI score 7.3
Exploits 0, References 3

The Hacker News
added 2012/09/08 2:21 p.m., 4 views

CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes...

AI score 6.6
Exploits 0

OpenVAS
added 2012/08/30 12:0 a.m., 12 views

Fedora Update for openconnect FEDORA-2012-6689

Check for the Version of openconnect OpenVAS Vulnerability Test Fedora Update for openconnect FEDORA-2012-6689 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

AI score 0.1
Exploits 0, References 2

OpenVAS
added 2012/08/30 12:0 a.m., 16 views

Fedora Update for mozilla-https-everywhere FEDORA-2012-7051

Check for the Version of mozilla-https-everywhere OpenVAS Vulnerability Test Fedora Update for mozilla-https-everywhere FEDORA-2012-7051 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

AI score 7.4
Exploits 0, References 2