Author: Perry Varanoid

Subconscious Keys

I missed this paper when it was first published in 2012: “Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks”

Abstract: Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis, are often the easiest way to defeat cryptography

Apple Releases Security Updates for OS X, Safari, iOS and Apple TV

Original release date: January 27, 2015

Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include:

- OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 and v10.10.1
- Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.1
- iOS 8.1.3 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- Apple TV 7.0.3 for Apple TV 3rd generation and later

US-CERT encourages users and administrators to review Apple security updates HT204244, HT204243, HT204245 and HT204246, and apply the necessary updates

New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th)

Qualys discovered a critical buffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that will execute arbitrary code via the Exim

glibc before version 2.18 (released August ) is vulnerable. You can quickly check your glibc version by using ldd --version

These glibc

What should you do: Apply this update as soon as you see patches offered by your Linux/Unix distribution

Linux "Ghost" Remote Code Execution Vulnerability

Original release date: January 27, 2015

The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system