Tag Archives: vulnerability
Mars Rover Susceptible to Integer Overflow Vulnerability
The Mars Rover has parts that run on VxWorks, which brings some vulnerabilities with it. The integer overflow vulnerability was in the OS and allows an attacker to target a specific part of the operating system and write to memory on the machine running it. … Continue reading
Posted in Security Blog
Tagged Integer Overflow Vulnerability, Mars Rover, vulnerability, VxWorks
Windows Vulnerable to FREAK
Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in Schannel (secure channel), where an attacker can force an SSL downgrade and then perform a man-in-the-middle attack. I last reported that FREAK only … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, Microsoft Windows, mitm, openssl, rsa, ssl, tls, vulnerability
Factoring attack on RSA-EXPORT Keys (FREAK)
Researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The ssl3_get_key_exchange function … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, mitm, openssl, rsa, ssl, tls, vulnerability
Ghost to the Shell
During a code audit, researchers at Qualys discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc that can be used to get access to the shell. The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to … Continue reading
Posted in Security Blog
Tagged 2015, gethost, GHOST, Linux, qualys, vulnerability
Honeywell Point-of-Sale Systems Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific … Continue reading
Posted in Security Blog
Tagged 2014, credit card, honeywell, overflow, point-of-sale, vulnerability
OS X 10.10 rootpipe
rootpipe, a privilege escalation vulnerability in OS X version 10.10, allows attackers to completely bypass logging in and gain the highest administrative privilege on a Mac. To protect against it, create a new admin user and remove the admin rights … Continue reading
Posted in Security Blog
Tagged 2014, mac, OS X, remote code execution, root pipe, rootpipe, vulnerability
SSL 3.0 POODLE
Google security researchers have disclosed a vulnerability in SSL 3.0 that allows attackers to determine the plaintext of secure connections. Attackers can use the flaw to trigger network faults to push browsers back to the 15-year-old platform. POODLE is … Continue reading
Posted in Security Blog
Tagged 2014, Google, man-in-the-middle, mitm, openssl, Padding Oracle On Legacy Downgraded Encryption, POODLE, ssl, tls, v3, vulnerability, vulnerable websites
BERserk Vulnerability
If you use Firefox or Chrome as a web browser, it is time to update them. The Mozilla Network Security Services (NSS) crypto library, a collection of cryptographic algorithms used for a variety of Internet standards, currently allows attackers … Continue reading
Posted in Security Blog
Tagged 2014, browser, chrome, firefox, phishing, vulnerability