Varanoid.com

VU#967332: GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Vulnerability Note VU#967332

Original Release date: 28 Jan 2015 | Last revised: 28 Jan 2015

Overview

The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name “GHOST”.

Description

According to Qualys, the vulnerability is “a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc).

Adobe Flash Update Available for CVE-2015-0311 & -0312, (Wed, Jan 28th)

Adobe has released an update to the Flash vulnerability CVE-2015-0311 discussed earlier this week here on the ISC. The update released from Adobe addresses Flash vulnerabilities documented in CVE-2015-0311 and CVE-2015-0312, which now has exploits being seen in the wild. Given that we are seeing exploits in the wild, the criticality of this exploit should be re-evaluated for prioritization and implementation.

FBI: Businesses Lost $215M to Email Scams

It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked. Federal investigators say the so-called “business email compromise” (BEC) swindle is a sophisticated and increasingly common scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

Subconscious Keys

I missed this paper when it was first published in 2012: “Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks” Abstract: Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis, are often the easiest way to defeat cryptography