-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1841-2 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 31, 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1982-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
January 29, 2010
Hi Arian,
Good points James. I read this paper a few times to make sure I got
the point, and it's a cute idea but I just don't see it happening.
Pessimism is understandable; I don't fault you for that.
For multi-node, multi-app, websites sharing auth/state/preferences
across multiple web
iPhones can be configured over the air by inviting users to download
.mobileconfig files from a URL. This feature is used by large companies and
universities to distribute various settings to a large number of iPhones.
For security reasons, these files need to be cryptographically signed to be
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
jBCrypt security advisory
=
jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing
algorithm, as described in A Future-Adaptable Password Scheme by Niels
Provos and David Mazieres (USENIX, 1999).
Versions of
Checkmarx Research Labs has identified a new critical vulnerability in
Internet Explorer (other browsers are probably exposed the same way) that
would allow hackers to easily compromise web applications. Cross-Site
History Manipulation (XSHM) is a newly discovered zero-day attack: attackers
may
#
# Securitylab.ir
#
# Application Info:
# Name: Tavanmand Portal
# version: 1.1
# Vendor: http://www.tavanmand.ir
Regarding SSO - not at all. Not even remotely. It's not about
wrappers frameworks put around cookies.
Spend some time on *.yahoo* and *.google* and their partner sites, and
look at how they use both auth and personalization cookies (two
different things).
For the former there is no way to solve
#
Application: Xerox Workcenter 4150 Remote Buffer Overflow
Platforms: Xerox Workcenter 4150
Discover Date: 2009-12-21
Author: Francis Provencher (Protek Research Lab's)
Blog:
Please find attached a detailed advisory of the vulnerability.
Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2010-001.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL
#
# Securitylab.ir
#
# Application Info:
# Name: eWebeditor
# Version: ASP
#
Vulnerability:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2010-0002
Synopsis: VMware vCenter update release addresses multiple
security
Hi James,
Great writeup of the state of the union for Web-based authentication
methods.
Thanks. It is far from complete in that sense, but I hope it
illustrates the frog-in-the-frying-pan state we are in with session
cookies.
As you mention, your paper is primarily an argument for fixing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1983-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2010
Arian,
Regarding SSO - not at all. Not even remotely. It's not about
wrappers frameworks put around cookies.
That's exactly what it's about. Cookies are name value pairs sent and
received based on simple rules. Rules that happen to be poorly
standardized with few guarantees. Everything else
iDefense Security Advisory 02.01.10
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 01, 2010
I. BACKGROUND
RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. Since late 2003, Real Player has been
based on the open-source Helix Player. More
XSS vulnerability in Drupal's MP3 Player contributed module (version
6.x-1.0-beta1)
Discovered by Martin Barbella martybarbe...@gmail.com
Description of Vulnerability:
-
Drupal is a free software package that allows an individual or a
community of users to easily
From the post:
Checkmarx Research Labs has identified a new critical vulnerability in
Internet Explorer (other browsers are probably exposed the same way) that
would allow hackers to easily compromise web applications.
I'm sorry if this response sounds harsh, but phrases such as critical
iDefense Security Advisory 02.01.10
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 01, 2010
I. BACKGROUND
RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. Since late 2003, Real Player has been
based on the open-source Helix Player. More
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:030
http://www.mandriva.com/security/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Cisco Secure Desktop XSS/JavaScript Injection
1. *Advisory Information*
Title: Cisco Secure Desktop XSS/JavaScript Injection
Advisory Id:
Summary
===
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ Some files stored on the web server are not correctly protected
against external
#--In The Name Of God
# Joomla (com_gambling) SQL Injection Vulnerabilities
###
#AUTHOR: md.r00t
#Mail: md.r00t.defa...@gmail.com
#Website: www.r00t.gigfa.com
#Forum: http://forum.aria-security.com
#
iDefense Security Advisory 02.01.10
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 01, 2010
I. BACKGROUND
RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. Since late 2003, Real Player has been
based on the open-source Helix Player. More
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1984-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
January 30, 2010
Hi all;
Just backing up Tim here a bit.
In LedgerSMB 1.3, we decided to go to HTTP auth because of some
changes in the security architecture of the software. After looking
at alternatives, we concluded that http auth was likely to be the way
to go long-run. There are some constraints which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Corel Paint Shop Pro Photo X2 FPX Heap Overflow
1. *Advisory Information*
Title: Corel Paint Shop Pro Photo X2 FPX Heap Overflow
Advisory
#
# Securitylab.ir
#
# Application Info:
# Name: RaakCms
# Vendor: http://raakcms.com
#
Vulnerability:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1985-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
January 31, 2010
29 matches