DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

Vulnerability in OpenSSL - Cross-protocol attack on TLS using SSLv2 (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

Kaspersky Internet Security 2013 - Denial of Service

Kaspersky Internet Security 2013 - Denial of Service I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any...

GLSA-200503-29 : GnuPG: OpenPGP protocol attack

The remote host is affected by the vulnerability described in GLSA-200503-29 GnuPG: OpenPGP protocol attack A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact : An automated system using GnuPG that allows an attacker to repeatedly discover the outcome of...

PuTTY: Pre-authentication arbitrary code execution

Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...