Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions

This paper studies how post-quantum cryptographic PQC security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC,'' an interdisciplinary...

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Zero Trust and the Case for Application Microsegmentation

Data breaches have become incessant. Recently, a very popular airline sevices company revealed a suspected breach involving customer credit card information. Even more recently, a hospital in Indiana reported that a virus had infected some of its systems that caused the hospital to be placed on...

Drawing Outside the Box: Precision Issues in Graphic Libraries

By Mark Brand and Ivan Fratric, Google Project Zero In this blog post, we are going to write about a seldom seen vulnerability class that typically affects graphic libraries though it can also occur in other types of software. The root cause of such issues is using limited precision arithmetic in...

CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

Input validation

DISPUTED The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt...

CVE-2017-9230

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...

CVE-2017-9230

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...

PT-2017-18795 · Bitcoin · Bitcoind

Name of the Vulnerable Software and Affected Versions: Bitcoin affected versions not specified Description: The Bitcoin Proof-of-Work algorithm has an issue related to 80-byte block headers with varying initial 64-byte chunks followed by the same 16-byte chunk, and multiple candidate root values...