Signal’s Creator Is Helping Encrypt Meta AI

Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people...

Signal Adds Cryptocurrency Support

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, "a form of digital cash designed to work efficiently on mobile devices while protecting users privacy and even their anonymity." Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describe...

moxie-shoes.com XSS vulnerability

Open Bug Bounty ID: OBB-577646 Description| Value ---|--- Affected Website:| moxie-shoes.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Docebo LMS 6.9 - (Moxie) API Calls RST RCE Vulnerability

Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ============= 2016-08-02 Vulnerabilit...

Docebo LMS 6.9 - (Moxie) API Calls RST RCE PoC

Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE PoC References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1892 PoC Video: https://www.youtube.com/watch?v=YF57jTPESgQ Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1888 Release Date:...

Docebo LMS 6.9 - (Moxie) API Calls RST RCE PoC

Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE PoC References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1892 PoC Video: https://www.youtube.com/watch?v=YF57jTPESgQ Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1888 Release Date:...

Docebo LMS 6.9 - (Moxie) API Calls RST RCE Vulnerability

Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ============= 2016-08-01 Vulnerabilit...

Signal 2.0 — Free iPhone App for Encrypted Calls and Texts

An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...

WhatsApp Adds Encryption by Default to Android App

WhatsApp, a massively popular messaging app, recently added end-to-end encryption for some mobile clients, a move that brings a high level of security to millions of users. The change is the result of a partnership with Open Whisper Systems, the secure text and mobile OS company started by securi...

New Signal App Brings Encrypted Calling to iPhone

iPhone users concerned about government surveillance efforts putting unencrypted calls at risk now have a free app at their disposal that brings secure communication to the Apple phone. Open WhisperSystems, developers of RedPhone for Android, have developed a similar app for iPhone called Signal,...

Moxie Marlinspike on TextSecure CyanogenMod integration

Moxie Marlinspike Moxie Marlinspike has published landmark research on SSL vulnerabilities, taken on certificate authorities and even built an alternative to CAs as we know them today called Convergence. But now that government surveillance and online privacy have been elevated to mainstream...

TextSecure Integrated into CyanogenMod SMS App for Android

With the depths of domestic government surveillance still not fully realized, secure communications capabilities are at a premium, especially for the privacy conscious. Already, we’ve seen some services such as Lavabit and Silent Circle’s Silent Mail shudder operations rather than hand over...

Groundbreaking Cyber Fast Track Research Program Ending

VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...

SuSE 11 Security Update : Mozilla (SAT Patch Number 1304)

Mozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities CA which...

Moxie Marlinspike Leaving Twitter Security Team

Twitter has been collecting a lot of security talent in the last year or so, but now a major piece of the company’s security team is leaving. Moxie Marlinspike, the creative security and privacy researcher who founded Whisper Systems, which was acquired by Twitter in 2011, said on Friday that he ...

Researcher Charlie Miller Joins Twitter Security Team

Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security tea...

Scientific Linux Security Update : seamonkey on SL3.x i386/x86_64

CVE-2009-2404 nss regexp heap overflow Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library provided by SeaMonkey used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger...

New Tool From Moxie Marlinspike Cracks Some Crypto Passwords

Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft’s MS-CHAPv2 protocol. Marlinspike discussed the tool...

Moxie Marlinspike on TACK, Convergence and Trust Agility

Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...

Black Hat: SSL and the Future of Authenticity

The inherent problems with the certificate authority infrastructure have been known for a long time, but they’ve become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat U...