Tag Archives: English

Insecure Updates in Joomla Before 3.6

By | October 9, 2017

In early April I reported security issues with the update process to the Joomla security contact. While the problem was fixed in Joomla 3.6, the communication process was far from ideal. The issue itself is quite simple: until recently Joomla fetched information about its updates over unencrypted and unauthenticated HTTP... Read More »

TLS Interception Considered Harmful – Video and Slides

By | October 9, 2017

At the recent Chaos Communication Camp I gave a talk summarizing the issues with TLS interception or Man-in-the-Middle proxies. It was originally motivated by the appearance of Superfish and my own investigations of Privdog, but I have discovered over the past months that it may be a much bigger problem. I used to be astonished... Read More »

Zero Days and Cargo Cult Science

By | October 9, 2017

I have complained before about the lack of rigorous science in large parts of IT security. Yet there is no shortage of stories and publications that claim to provide insight into this area. Recently the RAND Corporation, a US-based think tank, published a report on the zero-day problem. Many people praised it, an article... Read More »

Superfish 2.0: Harmful Certificate on Dell Laptops Breaks Encrypted HTTPS Connections

By | October 5, 2017

tl;dr Dell laptops come preinstalled with a root certificate and a corresponding private key. That completely compromises the security of encrypted HTTPS connections. I've provided an online check; affected users should delete the certificate. It seems that Dell hasn't learned anything from the Superfish scandal earlier this year: Laptops from the company include a preinstalled… Read More »

A Little POODLE Left in GnuTLS (Old Versions)

By | October 5, 2017

tl;dr Older GnuTLS versions (2.x) fail to check the first byte of the padding in CBC modes. Several stable Linux distributions, including Ubuntu LTS and Debian wheezy (oldstable), use this version. Current GnuTLS versions are not affected. A few days ago an email on the ssllabs mailing list caught my attention.… Read More »

The Problem with OCSP Stapling and Must Staple and Why Certificate Revocation Is Still Broken

By | October 5, 2017

Today the OCSP servers from Let's Encrypt were offline for a while. This has caused far more trouble than it should have, because in principle we have all the technologies available to handle such an incident. However, due to failures in how they are implemented they… Read More »

What Got Us Into the SHA1 Deprecation Mess?

By | October 5, 2017

Important notice: After I published this text Adam Langley pointed out that a main assumption is incorrect: Android 2.2 actually has no issues with SHA256-signed certificates. I checked this myself and in an emulated Android 2.2 instance I was able to connect to a website with a SHA256-signed certificate. I… Read More »

Safer Use of C Code – Running Gentoo with Address Sanitizer

By | October 5, 2017

Update: When I wrote this blog post it was an open question for me whether using Address Sanitizer in production is a good idea. A recent analysis posted on the oss-security mailing list explains in detail why using Asan in its current form is almost certainly not a good idea. Having any suid… Read More »

Don't Leave Coredumps on Web Servers

By | October 5, 2017

Coredumps are a feature of Linux and other Unix systems for analyzing crashing software. If a program crashes, for example due to an invalid memory access, the operating system can save the current contents of the application's memory to a file. By default it is simply called core. While this is… Read More »

Pwncloud – Bad Crypto in the Owncloud Encryption Module

By | October 5, 2017

The Owncloud web application has an encryption module. I first became aware of it when a press release was published advertising this encryption module containing this: Imagine you're an IT organization using industry standard AES 256 encryption keys. Let's say that a vulnerability is found in the algorithm, and you now need to… Read More »