Another update on the Truecrypt audit
There's a story on Hacker News asking what the hell is going on with Truecrypt audit. I think that's a fair question, since we have been awfully quiet lately. To everyone who donated to the project,...
Paper: Glibc Adventures: The Forgotten Chunks - exploitation of heap overflows...
This technical whitepaper showcases the exploitation of heap overflows in Linux systems, often considered hard or impossible to exploit with current state-of-the-art mitigation technologies in place....
CVE-2015-1349: BIND - A Problem with Trust Anchor Management Can Cause named...
BIND servers which are configured to perform DNSSEC validation and which are using managed-keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may terminate...
Lenovo installs adware on customer laptops and compromises ALL SSL
A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data...
Memory corruption in multiple camera drivers (CVE-2014-4321, CVE-2014-4324,...
The following security vulnerability has been identified in the QuIC-authored camera drivers.
Paper: A Tangled Mass: The Android Root Certificate Stores
The security of today’s Web rests in part on the set of X.509 certificate authorities trusted by each user’s browser. Users generally do not themselves configure their browser’s root store but...
Using Google Cloud Platform for Security Scanning- Beta
Deploying a new build is a thrill, but every release should be scanned for security vulnerabilities. And while web application security scanners have existed for years, they’re not always well-suited...
pemcrack
Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks. https://github.com/robertdavidgraham/pemcrack
What President Obama is getting wrong about encryption
President Obama tried to walk a very fine line on encryption, the technology that secures much of the communications that occur online, during his recent visit to Silicon Valley -- saying that he is a...
JSDialers: apps that call premium numbers (with new techniques) on Google Play
Last year was discovered in Google Play pretty malware "Made in Spain" trying to automatically subscribe to premium SMS services. For some time, the problem has subsided, and hard to find specimens of...
Announcing a Specification for Hack
Today we are excited to announce the availability of the initial specification for the Hack programming language. http://hhvm.com/blog/8537/announcing-a-specification-for-hack
THE GREAT SIM HEIST: HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone...
Just another day at the office: A ZDI analyst’s perspective on ZDI-15-030
Many of us here at the ZDI are blessed to look at the world’s best vulnerability research coming from researchers around the world. For those of us who work at the ZDI, it’s literally nothing but...
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy
A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas...
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS...
Over the last few years, there have been several serious attacks on Transport Layer Security (TLS), including attacks on its most commonly used ciphers and modes of operation. This document summarizes...
Netflix SURUS: Robust Anomaly Detection (RAD) on Big Data
Outlier detection can be a pain point for all data driven companies, especially as data volumes grow. At Netflix we have multiple datasets growing by 10B+ record/day and so there’s a need for automated...
Understanding CVE-2015-0310 Flash vulnerability
The Flash vulnerability CVE-2015-0310 is fixed in recent patch from Adobe. The vulnerability is in RegEx result parsing code. The vulnerability affects all the version below 16.0.0.287 and patched on...
Examining the Cybercrime Underground, Part 1: Crypters
Crypters are software tools that use a combination of encryption, obfuscation, and code manipulation of malware to make them FUD (Fully Undetectable) by legacy security products. To understand the role...
You've Got to Trust Your Vm Host|Or: Why Disc Encryption Won’t Save You
There’s a persistent meme floating around that full-disc encryption of your VM’s discs will save you if some three-letter agency comes knocking on the door of your VM host and demands your data. This...
Superphish script to silently intercept SSL on computers infected with...
This script will silently intercept SSL connections made from computers infected with Superfish malware on the local network. All traffic will be logged into 'superphish.log'. Works in three...