SSL Vulnerability Affects OSX Too
The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam...
Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch
Apple's latest 35.4 MB update of iOS 7.0.6 doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be...
Windows Error Reporting Used to Find Advanced Exploits
Windows Error Reporting, also known as Dr. Watson reports, are Windows crash reports sent by default unencrypted to Microsoft, which uses them to fix bugs. The reports are rich with system data that Microsoft also uses to enhance user interaction with its products. Since, however, they are sent i...
LinkedIn Intro Service to Shut Down March 7
LinkedIn announced on Friday it was shuttering its four-month-old Intro service which stirred up a privacy meltdown shortly after its release in October. Intro was an integrated service for iOS which sat as a proxy between the built-in iOS mail client and the user’s email provider. Intro would...
LinkedIn shutting down its security-plagued INTRO app in Early March
Last October, the social network 'LinkedIn' launched a controversial smartphone app called 'Intro' that intercepts and routes all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android, as well as iOS devices. Why...
By wave CMS arbitrary file type upload get webshell-vulnerability warning-the black bar safety net
Brief description: The uploaded file type is not checked, so a dynamic script can be uploaded directly to get a webshell. Detailed description: Download the CMS code from the official website; in the source directory, the edit directory contains the file batupload.aspx. Decompiling it shows the source code as follows...
KLA10458 Multiple vulnerabilities in HP SMH
Multiple vulnerabilities were found in HP SMH. By exploiting these vulnerabilities, malicious users can conduct XSS, CSRF and clickjacking attacks via unspecified vectors. These vulnerabilities can be exploited remotely. Original advisories HP bulletin Related products HP-System-Management-Homepage...
Microsoft DirectAccess Security Advisory (2862152)
This host is missing an important security update according to Microsoft advisory 2862152. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS KB2862152: Vulnerability in DirectAccess Could Allow Security Feature Bypass
The remote host is affected by a security feature vulnerability due to improper verification of server X.509 certificates by DirectAccess. A man-in-the-middle attacker, by using a server with a crafted certificate installed, can exploit this flaw to pose as a legitimate server to a targeted clien...
Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers
Edward Snowden, a former contractor at America's National Security Agency (NSA), has rocked the intelligence world by leaking secret documents which reveal the previously unknown extent of global spying. But it looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Back ...
FBI offering $100,000 reward for information on Most Wanted Cyber Criminals
The US Federal Bureau of Investigation has added five new hackers to its Cyber most wanted list and is seeking information from the public regarding their whereabouts. The men are wanted in connection with hacking and fraud crimes both within the US as well as internationally. Rewards ranging fro...
'LinkedIn Intro' iOS app can read your emails in iPhone
Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for iOS devices called 'LinkedIn Intro'. With this feature, an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn...
New Zealand Government Forcing Internet Companies and Network Operators to provide Interception capability
In August, New Zealand passed a bill that radically expands the powers of the Government Communications Security Bureau (GCSB), an intelligence agency of the New Zealand government, equivalent to the National Security Agency (NSA). The bill demands the companies and other network operators lik...
APPLE-SA-2013-09-20-1 Apple TV 6.0
APPLE-SA-2013-09-20-1 Apple TV 6.0. Apple TV 6.0 is now available and addresses the following: Apple TV. Available for: Apple TV 2nd generation and later. Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or...
Cisco Unified Computing System Software KVM Encryption Vulnerability
A vulnerability in Cisco Unified Computing System software KVM could allow an unauthenticated, remote attacker to intercept a KVM connection to spoof a host or decrypt keyboard and mouse events on an encrypted channel. The vulnerability is due to a hard coded SSL certificate. An attacker could...
[sslnuke] SSL without verification isn't secure!
We have all heard over and over that SSL without verification is not secure. If an SSL connection is not verified with a cached certificate, it can easily be hijacked by any attacker. So in 2013, one would think we had totally done away with this problem. Browsers cache certificates and very loud...
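Apple Mac OS X 'IPSec Hybrid Auth' Server Certificate Security Bypass Vulnerability (CVE-2013-1028)
BUGTRAQ ID: 62371 CVE(CAN) ID: CVE-2013-1028 Apple Mac OS X is Apple's computer operating system software. Mac OS X 10.8 - 10.8.4 contains a security vulnerability that allows an attacker to intercept data protected by IPSec Hybrid Auth. The DNS name of the IPSec Hybrid Auth server is not matched against the certificate, so an attacker holding any server certificate can exploit this vulnerability to impersonate another server. Affected: Apple Mac OS X 10.8 - 10.8.4. Vendor patch: Apple has released a security advisory (HT5880) and a corresponding patch for this issue:...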
Researchers Reverse Engineer Dropbox
Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...
SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)
This collective update for Apache provides the following fixes: - Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). (bnc#815621) - Close the connection just before an attempted re-negotiation if data...