[Full-disclosure] Practical malleability attack against CBC-Encrypted LUKS partitions

2013-12-22 Thread Jakob Lell
Article location: http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ I. Abstract The most popular full disk encryption solution for Linux is LUKS (Linux Unified Key Setup), which provides an easy to use encryption layer for block devic

[Full-disclosure] Multiple vulnerabilities in SMF forum software

2013-12-13 Thread Jakob Lell
gitimate Unicode characters in usernames (especially if you can't use the Spoofchecker class because you have to support PHP versions below 5.4.0). V. Credits Jakob Lell

[Full-disclosure] Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers

2013-10-30 Thread Jakob Lell
Advisory location: http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/ I. Introduction Today the majority of wired Internet connections is used with an embedded NAT router, which allows using the same Internet connection with s

[Full-disclosure] Quick Blind TCP Connection Spoofing with SYN Cookies

2013-08-14 Thread Jakob Lell
Advisory location: http://www.jakoblell.com/blog/2013/08/13/quick-blind-tcp-connection-spoofing-with-syn-cookies/ Quick Blind TCP Connection Spoofing with SYN Cookies Abstract: TCP uses 32 bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets fr

[Full-disclosure] CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio

2010-03-10 Thread Jakob Lell
s today or in the next few days. VI. DISCLOSURE TIMELINE 2010/02/12: Vendor and major Linux Distributions notified 2010/03/10: Public disclosure VI. Credit This vulnerability has been discovered by Jakob Lell from the TU Berlin computer security working group (AGRS). http://www.agrs.tu-berlin.d