access as well, but
may be less helpful for blocking microphone access.
+
Credits:
- Fraunhofer Institute for Secure Information Technology,
Security Testlab
--
Alexander Klink, Fraunhofer SIT
Forschungsbereich Anwendungs- und
candidate)|||
SQL-Ledger – several issues
===
Date released: 21.12.2009
Date reported: 28.07.2009
$Revision: 1.1 $
by Alexander Klink
Fraunhofer Institute for Secure Information Technology
alexander.kl
:
||| Security Advisory AKLINK-SA-2008-007 |||
CAcert - Cross Site Scripting
=
Date released: 29.09.2008
Date reported: 26.09.2008
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de
Hi,
if you want to see some graphs on how many DNS servers are fixed at
the moment (or rather, how many are not) based on statistics I got
right from the source - a directory traversal on Dan's DNS checker
tool ;-) - head on over to http://shiftordie.de
Cheers,
Alex
--
Dipl.-Math. Alexander
: 05.10.2007
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/CVE-2007-6521.txt
(S/MIME signed: https://www.cynops.de/advisories/CVE-2007-6521-signed.txt)
https://www.klink.name/security/aklink-sa-2008-006-opera-heap-overflow.txt
http
expected that they were, but we thought it might be better
to check ;-)
A minor 13% has not been tested because they were using different
key lengths or public exponents ...
Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED]
mobile: +49 (0)178 2121703
$
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
(S/MIME signed:
https://www.cynops.de/advisories/AKLINK-SA-2008-003-signed.txt)
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
Vendor: Microsoft
Product
was reported on 11.01.2008)
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
(S/MIME signed:
https://www.cynops.de/advisories/AKLINK-SA-2008-004-signed.txt)
https://www.klink.name/security/aklink-sa-2008-004-office2007
$
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
(S/MIME signed:
https://www.cynops.de/advisories/AKLINK-SA-2008-002-signed.txt)
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
Vendor: Microsoft
Product
Date reported: 12.12.2007
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/CVE-2008-0556.txt
(S/MIME signed:
https://www.cynops.de/advisories/CVE-2008-0556-signed.txt)
https://www.klink.name/security/aklink-sa-2008-001-openca-xsrf.txt
to change the handling
of wildcards[0], so it is no longer enough to get that one certificate
with a subjectAltName of '*' installed.
Best regards,
Alex
[0]: http://permalink.gmane.org/gmane.comp.mozilla.crypto/8429
--
Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED
the request. Apparently, it sends 'deadbeef' though if
it can now create correct SPKAC data ... :-) Allows for 512 bit keys, too.
Proof of Concept:
- http://0x90.eu/ff_tls_poc.html
Best regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED]
mobile: +49 (0
in Firefox 1.5 - and
even better there, because the certificate installation does not show
any dialog at all. This reduces the visibility to a short key generation
pop up! No idea why I thought it did not work in 1.5, though.
Best regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security
Hi Peter,
On Fri, Sep 07, 2007 at 07:31:59AM -1000, Peter Besenbruch wrote:
> Alexander Klink wrote:
> > ... I realised that you can do something with Firefox 2.0.x that
> > you could not do with Firefox 1.5.x: track an unsuspecting user
> > using TLS client certificates.
Actually, this summary
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/CVE-2007-3871.txt
(S/MIME signed: https://www.cynops.de/advisories/CVE-2007-3871-signed.txt)
https://www.klink.name/security/aklink-sa-2007-003-stampit-web-dos.txt
http
Hi,
On Mon, Jun 04, 2007 at 05:36:31AM +0200, [EMAIL PROTECTED] wrote:
> It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.
> How to reproduce:
> Lock screen using ctrl+x
I guess you mean Ctrl+a+x?
> Choose a Password
> Confirm the Password
> Screen asks for a Password to unlock the
Hi,
On Sun, May 06, 2007 at 05:45:45PM +0200, shadown wrote:
> 2- There are some vendors that are really difficult to deal with. It took me
> about 4 months to get the right contact to report the bugs, and this would
> be another thing to think about, A public 'Vendor's Vulnerability Reporting
vulnerabilities (SQL injection, authorization issue)
Date released: 10.04.2007
Date reported: 07.03.2007
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/CVE-2007-1363.txt
Date released: 20.03.2007
Date reported: 11.03.2007
$Revision: 1.1 $
by Alexander Klink
Cynops GmbH
[EMAIL PROTECTED]
https://www.cynops.de/advisories/CVE-2007-1465.txt
(S/MIME signed: https://www.cynops.de/advisories/CVE-2007-1465
:-)
Regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer |[EMAIL PROTECTED]
mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de
+--+-
HRB 7833, Amtsgericht | USt-Id: DE 213094986