Lucene search

3257 matches found

Prion
added 2013/06/21 2:55 p.m., 12 views

Session fixation

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.8, EPSS 0.00234
Exploits 0, References 3, Affected Software 1
CVE
added 2013/06/20 3:00 p.m., 42 views

CVE-2013-4629

CVE-2013-4629 concerns Huawei VP9610/VP9620 video-conference hardware where the login session ID is not updated after authentication, enabling session hijacking by a remote, authenticated attacker. Reported impacts align with CVSS metrics: high impact on confidentiality, integrity, and availabili...

CVSS 8.5, AI score 6.5, EPSS 0.00223
Exploits 0, References 1, Affected Software 2
Cvelist
added 2013/05/29 7:00 p.m., 22 views

CVE-2013-1208

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID...

AI score 6.6, EPSS 0.00173
Exploits 0, References 1
The Hacker News
added 2013/05/24 1:38 p.m., 7 views

Does Microsoft spy on Skype conversations?

Skype … once upon a time a VOIP application considered very secure and wiretap-proof, it was the common belief that no one could intercept such communications due to a complex mechanism for the management of audio / video and text streams. One day, Microsoft decided to buy the product, according to...

AI score 6.4
Exploits 0
The Hacker News
added 2013/05/01 12:47 p.m., 8 views

World's most secure messaging service offers £10,000 if you crack it

Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it. Redact believes that messages sent v...

AI score 6.5
Exploits 0
Packet Storm
added 2013/05/01 12:00 a.m., 16 views

Forticlient VPN Client Credential Interception

We found this one year ago. Although most versions have been patched we haven't seen any public info on this yet. FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY ============================================================ Description ----------- The Fortinet FortiClient VPN client o...

AI score 7.4
Exploits 0
The Hacker News
added 2013/04/11 7:22 a.m., 14 views

Hijacking plane's navigation system with an Android app, Researcher claimed

It is a terrifying prospect, a hack that allows an attacker to take control of plane navigation and cockpit systems has been revealed at a security conference in Europe. This was demonstrated by Hugo Teso, a researcher at security consultancy N.Runs in Germany who's also a commercial airline pilo...

AI score 7
Exploits 0
The Hacker News
added 2013/04/02 4:00 p.m., 7 views

Italian team discoveries flaw in Ruzzle protocol, serious menace to privacy

We are in digital era, everything is connected to the large networks and applications benefit of even more complex devices that deeply interact with owner, in this scenario security requirements assume a crucial importance and security of overall architecture also depend on security of single...

AI score 6.6
Exploits 0
Kitploit
added 2013/03/27 12:28 a.m., 14 views

[HoneyProxy] A man-in-the-middle SSL Proxy & Traffic Analyzer

HoneyProxy is a lightweight tool that allows live HTTPS traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics. Features Analyze HTTPS traffic on the fly Filter and highlight traffic, regex support included. Report Generation for saved...

AI score 7.3
Exploits 0, References 2
The Hacker News
added 2013/03/10 6:29 a.m., 16 views

Apple App Store was vulnerable for more than Half year

A Google developer helps Apple to fix a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications. Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption...

AI score 6.6
Exploits 0
myhack58
added 2013/02/23 12:00 a.m., 12 views

Mastery OA contents of the log stored XSS can get the cookie-vulnerability warning-the black bar safety net

Mastery OA2013 and 2010 version, Office Anywhere 2013 work log edit page there is the storage type XSS, and their superiors view the log after you can steal the cookie 1, the work log edit page source code to bypass the bypass a character can be constructed XSS! ! ! 1, the interception to giv...

AI score 1.5
Exploits 0
Tenable Nessus
added 2013/01/22 12:00 a.m., 21 views

MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) (uncredentialed check)

Binary data ms13-006ssl.nbin...

CVSS 5.8, AI score 7.3, EPSS 0.15832
Exploits 0, References 2
ThreatPost
added 2013/01/18 4:51 p.m., 5 views

Phishing Attack Leads to Phony Google, Compromised Red Cross Sites

An apparent phishing scam involving fake Google and Red Cross websites is making the rounds according to security firm Sophos, which intercepted a spammy e-mail this morning that tries to send unsuspecting users to less than genuine versions of those sites. An email with the subject line, “Re:...

AI score 0.4
Exploits 0, References 2
The Hacker News
added 2013/01/05 4:24 p.m., 10 views

Indian Government Wiretapping and started BlackBerry interception

According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the India...

AI score 6.7
Exploits 0
The Hacker News
added 2013/01/05 5:24 a.m., 20 views

Indian Government Wiretapping and started BlackBerry interception

According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the India...

AI score 6.7
Exploits 0
The Hacker News
added 2012/10/11 9:07 p.m., 15 views

German Police eavesdropping Facebook, Gmail, Skype Conversations

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. T...

AI score 6.8
Exploits 0
Cvelist
added 2012/09/20 9:00 p.m., 19 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window aka LoginWindow or Screen Saver Unlock by installing an input method that intercepts keystrokes...

AI score 5.8, EPSS 0.00061
Exploits 0, References 3
FreeBSD
added 2012/09/12 12:00 a.m., 29 views

mod_pagespeed -- multiple vulnerabilities

Google Reports: mod_pagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...

CVSS 5, AI score 5.9, EPSS 0.00361
Exploits 1, References 1
NVD
added 2012/08/23 10:32 a.m., 13 views

CVE-2010-5148

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.5, EPSS 0.00282
Exploits 0, References 3
Prion
added 2012/08/23 10:32 a.m., 16 views

Session fixation

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 7, EPSS 0.00282
Exploits 0, References 3, Affected Software 2