Tagged: microsoft

Can the NSA Break Microsoft’s BitLocker?

The Intercept has a new story on the CIA’s — yes, the CIA, not the NSA — efforts to break encryption. These are from the Snowden documents, and talk about a conference called the Trusted Computing Base Jamboree. There are some interesting documents associated with the article, but not a lot of hard information.

Microsoft Releases March 2015 Security Bulletin

Original release date: March 10, 2015. Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. These vulnerabilities could allow remote code execution, spoofing, security feature bypass, denial of service, elevation of privilege, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates

VU#243585: SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

Vulnerability Note VU#243585: SSL/TLS implementations accept export-grade RSA keys (FREAK attack). Original Release date: 06 Mar 2015 | Last revised: 06 Mar 2015. Overview: Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the “FREAK” (Factoring Attack on RSA-EXPORT Keys) attack

FTC Details the Top 10 Imposter Scams of 2014

Original release date: March 02, 2015. The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions

Samba Remote Code Execution Vulnerability

Original release date: February 24, 2015. Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected