The ‘Perfect Storm’ of Disinformation and Hacking
We live in an age of fake news, misinformation and disinformation. Recently, we have been falling for it – mostly. That is largely thanks to a confluence of social media, hacking and good old-fashioned disinformation campaigns, according to Matt “Pwn all the Things” Tait, a senior cybersecurity...
Facebook Hires Ex-Yahoo CISO Alex Stamos
Facebook has hired away the top security executive at Yahoo, Alex Stamos, to become the company’s new CSO. Stamos said Wednesday that he is joining Facebook because he believes the company is in the best position to address some of the large security challenges facing users and companies right no...
TrueCrypt Audit Cryptanalysis Handed Off to NCC Group
The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly. NCC Group’s Cryptography Services has been contracted to do the...
Cryptanalysis Remains for TrueCrypt Audit
Phase two of the TrueCrypt audit figures to be a labor-intensive, largely manual cryptanalysis, according to the two experts behind the Open Crypto Audit Project (OCAP). Matthew Green, crypto expert and professor at Johns Hopkins University, said a small team of experts will have to, by hand, exami...
First Phase of TrueCrypt Audit Turns Up No Backdoors
An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today by iSEC Partners, which was...
DSA-2652-1 libxml2 - external entity expansion
Bulletin has no description...
Don Bailey and Nick D' on GSM Hacking and Privacy
Dennis Fisher talks with Don Bailey of iSec Partners and Nick D’, an independent security researcher, about their recent work on geolocation and tracking of GSM mobile handsets and the privacy and security implications for users. Podcast audio courtesy of sykboy65. Subscribe to the Digital...
Adobe Flash Multiple Vulnerabilities
iSEC Partners Security Advisory - 2008-01-flash: Adobe Flash Multiple Vulnerabilities. Vendor: Adobe, Inc.; Vendor URL: http://www.adobe.com; Versions affected: Flash Player 9.0.124.0 and earlier, AIR 1.1, Flash CS4 Professional, Flash CS3 Professional, Fl...
iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20
iSEC Partners Security Advisory - 2008-002-lenovornr (https://www.isecpartners.com): Lenovo Rescue and Recovery Local Kernel Overflow. Vendor: Lenovo; Vendor URL: http://www.lenovo.com; Versions affected: 4.20; Systems Affected: Windows XP, Windows Vista...
GLSA-200707-12 : VLC media player: Format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200707-12 (VLC media player: Format string vulnerabilities). David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP. Impact ...
libvorbis 1.1.2 - Multiple memory corruption flaws
iSEC Partners Security Advisory - 2007-003-libvorbis (http://www.isecpartners.com): libvorbis 1.1.2 - Multiple memory corruption flaws. Vendor: Xiph.org; Vendor URL: http://www.xiph.org; Systems Affected: All tested software based upon libvorbis 1.1.2...
flac123 0.0.9 - Stack overflow in comment parsing
iSEC Partners Security Advisory - 2007-002-flactools (http://www.isecpartners.com): flac123 0.0.9 - Stack overflow in comment parsing. Vendor URL: http://flac-tools.sourceforge.net/; Severity: High (Allows for arbitrary code execution); Author: David Thiel...
VLC 0.8.6b format string vulnerability & integer overflow
iSEC Partners Security Advisory - 2007-001-vlc (http://www.isecpartners.com): VLC 0.8.6b format string vulnerability & integer overflow. Vendor: VideoLan; Vendor URL: http://www.videolan.org; Systems Affected: Confirmed on Windows XP, FreeBSD 6.2, MacOS X...
CVE-2006-6353
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered...
CVE-2006-6353
The CVE-2006-6353 entry affects Mac OS X, specifically the BOMArchiveHelper component. The vulnerability is described as multiple unspecified issues that allow user-assisted remote attackers to cause a denial of service (application crash). The impact is limited to availability (PARTIAL) with no ...