Nextcloud: Directory Listing On download.nextcloud.com & Practical Attacks on PGP (Pretty Good Privacy)

Sir, I have found a major bug in your website : That Is Directory listing & Practical Attacks On PGP signature affected area https://download.nextcloud.com/server/ here is my poc F100081 Poc Details: The web server is configured to display the list of files contained in this directory. As a resul...

Microsoft Giving .NET Users The Option to Shed RC4

Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...

Microsoft Warns Customers Away From RC4, SHA-1

The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that is now recommending to developers that...

Security Advisory 2868725: Recommendation to disable RC4

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...

Debian DSA-1605-1 : glibc - DNS cache poisoning

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the...