Posts

Showing posts with the label vulnerabilities

QuickTime For Windows Needs To Be Uninstalled.

After Trend security researchers discovered two new flaws in QuickTime, they contacted Apple to report the issues. Apple allegedly responded that it would not fix them, as it was removing support for QuickTime on Windows. It is reported that even the Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) has recommended that Windows users uninstall this software.

Make a date for April 12th... Microsoft releases the fix for the critical Badlock vulnerability.

On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. It has been named Badlock and, like Heartbleed, it has its own website. Full details of the vulnerability have not been disclosed, but for once the name and logo are a good indication of what to expect. Visit the official website for more information: http://badlock.org/

Drown Attack - Summary

The DROWN attack (CVE-2016-0800) was made public last week. DROWN is a cross-protocol attack on TLS using SSLv2. It allows attackers to break the encryption and access potentially sensitive communications such as passwords or credit card details. At the time of writing, researchers have estimated that around a third of all HTTPS servers are vulnerable to this attack. For an in-depth discussion of the DROWN attack, please visit the site: https://drownattack.com/

SSL 3.0 POODLE Vulnerability

A vulnerability in SSL version 3.0 (SSL 3.0), CVE-2014-3566, known as "POODLE", was announced on 14 October 2014. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support SSL 3.0, and browsers will retry failed connections with older protocol versions, including SSL 3.0, to work around bugs in HTTPS servers. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Reference material can be found here: http://googleonlinesecurity.blogspot.ie/2014/10/this-poodle-bites-exploiting-ssl-30.html

The generic advice is that SSL 3.0 should be disabled in all affected applications in favor of the newer encryption mechanism, TLS (Transport Layer Security). Source text: www.ssh.com