Gratipay: Authentication errors in server side validation of E-MAIL
To be honest, I'm not sure if there is any real security implications of this bug, but it's something which should be fixed at some point since it'll be pretty easy. I'm going to describe the issue with reproducible steps: 1. Navigate to Gratipay Settings Page...
Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment
To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...
Crypto Leaders: 'Exceptional Access' Will Undo Security
A powerhouse baker’s dozen of cryptography experts and pioneers have released a paper explaining the potential legal and ethical issues relative to the government’s continued insistence on access to cryptographic keys that secure communication over the Internet. The paper, called “Keys Under...
Debian DLA-250-1 : libclamunrar security update
Upstream published version 0.98.5. This update updates squeeze-lts to the latest upstream release in line with the approach used for other Debian releases. This update corrects a double-free error that existed within the 'unrarextractnextprepare' function libclamunrariface/unrariface.c when parsin...
[SECURITY] [DLA 250-1] libclamunrar security update
Package : libclamunrar Version : 0.98.5-0+deb6u1 Debian Bug : 770647 Upstream published version 0.98.5. This update updates squeeze-lts to the latest upstream release in line with the approach used for other Debian releases. This update corrects a double-free error that existed within the...
DLA-250-1 libclamunrar - security update
Bulletin has no description...
Understanding the Shared Security Model in Amazon Web Services
Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securin...
Mozilla Moving Toward Full HTTPS Enforcement in Firefox
The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections. Mozilla is the developer ...
'Yes, Your Car Wash is On Facebook'
CANCUN–When or if people think about the security of the devices they interact with and use on a daily basis, the machines that run their local car wash probably aren’t high up on that list. But, like everything else with a computer for a brain these days, those machines are connected to the...
HackerOne: Markdown code block sequence makes report unreadable
Proof of Concept Submitting a report/comment with an input like the following "Three backticks followed by a newline followed by -ddd/d" will cause the report to be unreadable I think it's because the parser is crashing? The attached file includes the input that I'm trying with difficulty to...
CVE-2014-1806 .NET Remoting Services vulnerability analysis - vulnerability warning - the black bar safety net
0x00 description Microsoft .NET Remoting is a distributed processing manner, there is provided a method that allows the object by the application domain with the other objects to interact with the framework. A few days ago James Forshaw posted a CVE-2014-1806 .NET Remoting Services exploi...
Smartphone Owners Lack Motivation to Adequately Lock Devices
A quarter of smartphone owners don’t lock their devices because they don’t believe they have any data worth protecting. Even more refrain from doing it because they feel like it’s too much of a hassle. That’s at least according to a new study carried out by six researchers, four from the Universi...
Black Hat 2014: Multipath TCP Introduces Security Blind Spot
If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream. MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple...
Dennis Fisher and Mike Mimoso Discuss This Week's Microsoft Takedown
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil. Download: digitalunderground157.mp3 Music by Chris Gonsalves...
SGI IRIX <= 6.5.2 nsd Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/412/info A vulnerability has been discovered in the nsd service, as included by SGI in Irix 6.5.x. The vulnerability allows remote users to access potentially sensitive pieces of information, including, but not limited to...
PHP Director <= 0.21 Remote Command Execution Exploit
No description provided by source. --+++===================================================================+++-- --+++====== PHP Director = 0.21 Remote Command Execution Exploit ======+++-- --+++===================================================================+++-- !/usr/bin/perl use strict; us...
FTC Asks Data Brokers, Congress for Transparency, Regulation
The Federal Trade Commission called on data brokers to be more transparent and give users more control over their personal information in a comprehensive report issued yesterday. The 100-plus page document, "Data Brokers: A Call for Transparency and Accountability," .PDF criticizes the industry...
[oss-security] libgadu vulnerability: possible memory corruption
I'd like to request a CVE ID for the following issue: A crafted message from the file relay server may cause memory to be overwritten. The memory is not overwritten with data sent directly by the server, but security implications cannot be ruled out. The bug is public:...
FTC Discusses Regulating User-Generated Health Information
The proliferation of wearable devices coupled with smartphone apps that monitor heart rates and other health metrics raises an important question: How exactly should the information generated by these devices be regulated? If there’s a fist fight in a bar can a person’s Fitbit accelerator be...