Category Archives: vulnerability

Superfish 2.0: Harmful Certificate on Dell Laptops Breaks Encrypted HTTPS Connections

By | October 5, 2017

tl;dr Dell laptops come preinstalled with a root certificate and a corresponding private key. That fully compromises the security of encrypted HTTPS connections. I've provided an online check; affected users should delete the certificate. It appears that Dell hasn't learned anything from the Superfish scandal earlier this year: Laptops from the company come with a preinstalled… Read More »

A Little POODLE Left in GnuTLS (old Versions)

By | October 5, 2017

tl;dr Older GnuTLS versions (2.x) fail to check the first byte of the padding in CBC modes. Numerous stable Linux distributions, including Ubuntu LTS and Debian wheezy (oldstable), use this version. Current GnuTLS versions are not affected. A few days ago an email on the ssllabs mailing list caught my attention.… Read More »

Don’t Leave Coredumps on Web Servers

By | October 5, 2017

Coredumps are a feature of Linux and other Unix systems to analyze crashing software. If a program crashes, for example due to an invalid memory access, the operating system can save the current content of the application’s memory to a file. By default it’s simply called core. While this is… Read More »

Pwncloud: Dangerous Crypto in the Owncloud Encryption Module

By | October 5, 2017

The Owncloud web application has an encryption module. I first became aware of it when a press release was published advertising this encryption module containing this: Imagine you’re an IT group using industry standard AES 256 encryption keys. Let's say that a vulnerability is found in the algorithm, and you now need to… Read More »

And Then I Noticed the Password in the Stack Trace

By | October 5, 2017

I want to tell a little story here. I’m usually relatively savvy in IT security issues. But I was made aware of a fairly severe mistake today that caused a security issue in my web page. I want to learn from mistakes, but maybe also others can learn… Read More »

Passwords in the Bug Reports (Owncloud/Nextcloud)

By | October 5, 2017

A while ago I wanted to report a bug in one of Nextcloud’s apps. They use the Github issue tracker; after creating a new issue I was welcomed with a long list of things they wanted to know about my installation. I filled in the information to one of… Read More »

CVE-2016-6662 Vulnerability Advisory: Recent MySQL Code Execution/Privilege Vulnerability Zero-Day

By | September 30, 2016

Earlier this week, an independent researcher publicly disclosed a serious vulnerability in MySQL. This is a very popular open-source DBMS that is used by many organizations to manage their databases, backends and websites. Proof-of-concept code was provided as part of the disclosure. This one was specifically designated CVE-2016-6662, one of two serious… Read More »

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign

By | September 30, 2016

Special thanks to @kafeine. In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims.… Read More »