3272 matches found
SSLsplit - transparent SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...
CVE-2016-3052
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...
Design/Logic Flaw
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...
CVE-2016-3052
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...
CVE-2016-3052
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...
SMTP STS Coming Soon to Gmail, Other Webmail Providers
Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...
On Vulnerable iOS Apps, macOS Macros Malware, and More
Mike Mimoso and Chris Brook preview RSA 2017 and discuss the previous week’s news including the report on how a handful of iOS apps are vulnerable to interception attacks, macro malware coming to MacOS, a new Uber open source module. Show notes: Popular iOS Apps Vulnerable to TLS Interception...
Citrix NetScaler Nonce Generation Vulnerability (CTX220329)
A flaw has been identified in the GCM nonce generation functionality of Citrix NetScaler application Delivery Controller ADC and Citrix NetScaler Gateway that could result in the interception of session data. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from...
Popular iOS Apps Vulnerable to TLS Interception Attacks
Dozens of iOS mobile banking, medical and other applications handling sensitive user information are vulnerable to man-in-the-middle attacks where TLS traffic can be intercepted. Of the 76 apps analyzed by Sudo Security Group, 19 are considered high-risk where financial or medical credentials, or...
Many Android VPN Apps Breaking Privacy Promises
An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security. A study published recently identified a number of shortcomings common to...
About the security content of iTunes 12.5.1 for Windows - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Why WhatsApp's 'Backdoor' Isn't a Backdoor
Accusations that WhatsApp has a backdoor intended for eavesdropping on user messages is being loudly rebuked by Facebook-owned WhatsApp and Open Whisper Systems, the company that developed the underlying encryption technology for the platform. Dismissal of the published claims by The Guardian are...
Explained — What's Up With the WhatsApp 'Backdoor' Story?
What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not...
Design/Logic Flaw
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...
CVE-2016-2366
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...
CVE-2016-2376
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...
CVE-2016-2376
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...
CVE-2016-2376
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...
Downloads Resources over HTTP
Overview Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Man-in-the-Middle (MitM)
react-native-baidu-voice-synthesizer is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...