I'd start here:
http://www.cvedetails.com/vulnerability-list/vendor_id-9705/product_id-17354/opec-1/Pango-Pango.html
But if you are looking for specific examples, I don't know any.
What you are looking for is bugs in the font rendering libraries, which
are system dependent.
On 12/15/2015
Thanks to whoever is keeping track of this. It's important work, and
the latest Spiegel release is direct evidence of the fact that a lot of
information of extreme importance is hidden from the public.
On 31.12.2014 14:01, John Young wrote:
Free: 577,131 documents (millions of pages) informing
On 05/07/2014 08:31 AM, Joshua Hill wrote:
On Mon, May 05, 2014 at 10:37:48PM +0200, Marcus Brinkmann wrote:
It is well known that the DES S-Boxes were specifically designed (by the
NSA, no less, back in the good ol' days) to protect against that attack.
This was the lore for years after
On 05/07/2014 05:56 AM, Tony Arcieri wrote:
- malloc/free + separate process for crypto
- malloc/free + mlock/munlock + secure zeroing
- mmap/munmap (+ mlock/munlock)
Separate process protects from a different threat than mlock/munlock
(the latter prevents swapping out the pages to the swap
On 05/05/2014 09:08 PM, Givon Zirkind wrote:
A question about DES. Did anyone ever try map or graph the routes
through the S-boxes? I mean pictorially. Do the routes produce some
kind of wave or path, that have (or have not) relationships with the
other routes?
This is a vague question,
On 05/05/2014 10:37 PM, Marcus Brinkmann wrote:
On 05/05/2014 09:08 PM, Givon Zirkind wrote:
A question about DES. Did anyone ever try map or graph the routes
through the S-boxes? I mean pictorially. Do the routes produce some
kind of wave or path, that have (or have not) relationships
On 05/06/2014 01:20 AM, Bernie Cosell wrote:
On 6 May 2014 at 8:35, Dave Horsfall wrote:
On Mon, 5 May 2014, Marcus Brinkmann wrote:
It is well known that the DES S-Boxes were specifically designed (by
the
NSA, no less, back in the good ol' days) to protect against that
attack.
If I
On 05/01/2014 10:25 AM, Ben Laurie wrote:
On 1 May 2014 08:19, James A. Donald jam...@echeque.com wrote:
On 2014-04-30 02:14, Jeffrey Goldberg wrote:
On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote:
Cannot outsource trust Ann usually knows more about Bob than a distant
On 05/02/2014 01:33 PM, ianG wrote:
For me the sentence, “I had little choice but to trust X” is perfectly
coherent.
Yes, that still works. It is when it goes to no choice that it fails.
For example, I have no choice but to use my browser for online banking.
I'm too far from a branch,
On 04/30/2014 02:59 PM, d...@geer.org wrote:
As is so often found, there are multiple nuanced definitions of a
word, trust being the word in the current case.
Simply as a personal definition, trust is that state wherein I accept
assertions at face value and do so because I have effective
On 04/25/2014 06:28 PM, Tony Arcieri wrote:
On Fri, Apr 25, 2014 at 1:42 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz mailto:pgut...@cs.auckland.ac.nz wrote:
As with let's replace C with My Pet Programming Language, you can
write crap in any language you want. The problem isn't the
On 12/21/2013 10:04 PM, Eduardo Robles Elvira wrote:
The obvious problem with this is that namecoin doesn't have all the
domain names already registered assigned to the current owners, and
there's no arbitration authority that can prevent domain cibersquatting.
This is not a weakness of
On 12/22/2013 12:58 PM, James A. Donald wrote:
On 2013-12-22 19:44, Marcus Brinkmann wrote:
The solution to this is that names should not claimed, they should be
given by the community that values the association. Neither DNS nor
namecoin allows for that, so both are inadequate. As an example
On 07/30/2013 01:07 PM, ianG wrote:
It might be important to get this into the record for threat modelling.
The suggestion that normally-purchased hardware has been compromised by
the bogeyman is often poo-pooed, and paying attention to this is often
thought to be too black-helicopterish to
On 05/26/2012 08:01 AM, Peter Gutmann wrote:
Marsh Ray ma...@extendedsubset.com writes:
Perhaps someone who knows German can better interpret it.
The government was asked are encrypted communications creating any
difficulties for law enforcement in terms of pursuing criminals and
Hi,
On 02/07/2012 03:52 AM, Steven Bellovin wrote:
http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
While I am no fan of CRLs, I think it's worth mentioning that Google's
primary objective here does not at all seem to be the security of
On 02/07/2012 11:51 AM, Ben Laurie wrote:
The security argument itself seems very weak. There is no evidence yet that
the alternative strategy that Google proposes, namely letting them control
the CRL list (and thus another part of the internet infrastructure), is any
safer for the user in the
On 02/07/2012 01:36 PM, ianG wrote:
On 7/02/12 20:56 PM, Marcus Brinkmann wrote:
Hi,
On 02/07/2012 03:52 AM, Steven Bellovin wrote:
http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
While I am no fan of CRLs, I think it's worth mentioning
On 01/03/2012 04:08 AM, John Levine wrote:
unsusual, so if I were a scalper, I'd have a network of web proxies,
to make it hard to tell that they're all me, a farm of human CAPTCHA
breakers in Asia who cost maybe 5c per CAPTCHA, a large set of
employees, friends, and relatives who will let me
On 01/02/2012 06:58 PM, Jeffrey Walton wrote:
I was reading CAPTCHA: Using Hard AI Problems For Security by Ahn,
Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
I understand how recognition is easy for humans and hard for computer
programs.
But is that really true?
My
20 matches
Mail list logo