-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 261-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 14th, 2003
Mom and Pop use this software, your English teacher uses this software,
probably even your local baker... This is a case of Vendor vs. User... I
Thank PivX for helping the Community and WE must help out our users.
You can almost bet that the users of the Tax program use IE to surf the
Dan Boneh and I have been researching timing attacks against software
crypto libraries. Timing attacks are usually used to attack weak
computing devices such as smartcards. We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PC's.
.
20030314 snapshot should fix these.
EPIC4 1.0.1
---
This is the PRODUCTION release which you should be using.
1) EPIC has grown max. input line of server from the old 4096 to 8192, but
without growing BIG_SERVER_BUFFER from 4096. There's at least one place
where you can overflow
Hello,
I would like to bring to your notice a certain vulnerability that has
existed in Win 9x platforms for many years and now in Win2k/XP. Most of
us are familiar with password revealers and password stealing trojans.
Though flaws in Windows Messaging API have been shown before this one
Security advisory
Issue: GiantRat Mailer exposes plain text PoP password
Date: 03/13/03
Vendor first notified: February 2003
Affected versions: All (tested v3.1, 2.x, 1.x
ABOUT GiantRat Mailer:
GiantRat Mailer is an innovative email client that has settings for the sight-impaired
and has
Hmmm - I originally didn't want to take part in that discussion, but we
are seeing more and more Vulnerabilities reported about sensitive
Information in Files not being obscured by some crypto.
Let's start out with the latest comments:
What could help our users is a default simple encryption
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
//@(#) Mordred Security Labs advisory
Release date: March 15, 2003
Name: Texis sensitive information leak
Versions affected: all versions
Risk: average
Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com)
I. Description:
Thunderstone is an
Greetings,
We have run into a problem this afternoon with the copy of
ocget.dll that is located at:
http://codecs.microsoft.com/objects/ocget.dll
It seems that it is either signed improperly, or not at all.
This .dll is loaded automatically by IE when .cab files are
downloaded from the
Andreas Beck [EMAIL PROTECTED] writes:
2) If 1) cannot be done for some reason, use _strong_ encryption to
_encrypt_ the data. XORing them with wrdlbrmft will just make an
attacker laugh, assuming he is just a bit smarter than a piece of wood.
Never just obfuscate the passwords by
Project: Filebased guestbook.
Author: Copyright (c) Urs [EMAIL PROTECTED]
Version: 1.1.3
Update: 17-09-2002
Homepage: http://www.circle.ch/scripts/
This PHP guest book script is vulnerable to hostile cross scripting in the
'comment' section of guest book posts. Comments span across
Hi,
I have read both of the original advisories, and all of the replies
on this subject, and nobody yet has properly assessed AND
emphasized the actual risk associated with this tax software.
Lots of software programs do not encrypt sensitive data, but what
makes this tax software different,
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject: Linux: KDE rlogin.protocol and telnet.protocol url kio
Vulnerability
Advisory number:
14 matches