344 matches found
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'
A senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption; instead we are bringing to you what...
OpenSSL 0.9.x CBC Error Information Leakage Weakness
No description provided by source. source: http://www.securityfocus.com/bid/6884/info A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by...
OpenSSL Heartbleed Highlights Crypto Pitfalls
There is no shortage of bad advice online about crypto–or anything else, for that matter. And the recent mess involving the OpenSSL heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about ho...
Extended Random Extension Made Cracking BSAFE Trivial
UPDATE: Known theoretical attacks against TLS using the troubled Dual EC random number generator— something an intelligence agency might try its hand at—are in reality a bit more challenging than we’ve been led to believe. The addition of the Extended Random extension to RSA Security’s BSAFE...
[CIAT] Crypto Implementations Analysis Toolkit
The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). Download CIAT...
[Umap] The USB host security assessment tool
umap is a tool which allows you to test the security of USB host implementations i.e. something you plug a USB device into, like a PC or a tablet. Its primary function at the moment is a fuzzer with test cases based on a combination of data from standards documentation and the author's experience...
[SECURITY] Fedora 19 Update: hylafax+-5.5.4-1.fc19
HylaFAX(tm) is an enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...
Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions
It’s been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it’s still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacke...
[IPv6 Toolkit v1.3] Security Assessment and Troubleshooting Tool for the IPv6 Protocols
A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. Supported platforms The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Linux, and Mac O...
[SECURITY] Fedora 17 Update: boost-1.48.0-14.fc17
Boost provides free peer-reviewed portable C++ source libraries. The emphasis is on libraries which work well with the C++ Standard Library, in the hopes of establishing "existing practice" for extensions and providing reference implementations so that the Boost libraries are suitable for eventua...
Cisco IOS multiple security vulnerabilities
Multiple DoS conditions in different protocol implementations...
Scientific Linux Security Update : kernel on SL 5.0-5.4 i386/x86_64
This kernel is already in SL 5.5. This update contains all the security and bug fixes from the 2.6.18-194.el5 kernel. In addition, this update fixes the following security issues: - a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send ...
Debian Security Advisory DSA 2398-2 (curl)
The remote host is missing an update to curl announced via advisory DSA 2398-2. OpenVAS Vulnerability Test $Id: deb23982.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2398-2 (curl) Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
Ubuntu Update for Linux kernel vulnerabilities USN-1079-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10791.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow TSL ID: FSC20100701-01 1. Affected Software iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior SCST project iscsi-scst 1.0.1.1 and prior tgt project tgt 1.0.5 and prior References: http://iscsitarget.sourceforge.net/...
SSH Brute Force Attacks Resurface
Security experts are warning about a fresh round of attacks against SSH implementations. The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks. The attacks, which the handlers at the SANS Internet Sto...
RHEL 5 : kernel (RHSA-2010:0398)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer : Various programming errors in container and codec implementations may lead to denial of service or the execution...
[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities
Debian Security Advisory DSA-2000-1 http://www.debian.org/security/ Moritz Muehlenhoff February 18, 2010 http://www.debian.org/security/faq ...
Multiple TCP implementations different security vulnerabilities
Multiple security vulnerabilities in different operating systems caused by resource exhaustion in maintaining the TCP state table...