
Insecure.org BugTraq




Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - On Fri, Aug 08, 2008 at 02:08:37PM -0400, Perry E. Metzger wrote: > The kerberos style of having credentials expire very quickly is one > (somewhat less imperfect) way to deal with such things, but it is far ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - On Fri, Aug 8, 2008 at 7:54 PM, Tim Dierks <timatdierks.org> wrote: > Using this Bloom filter calculator: , plus the > fact that there are 32,768 weak keys for every key type & size, I get ...

Re: OpenVMS fingerd remote stack overflow - > On Thu, Aug 07, 2008 at 12:08:53AM 0100, Shaun Colley wrote: >> The MultiNet finger service runs on port 79 by default (like other finger >> servers) and takes a username to query. A long string (250 or so bytes) ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - At Fri, 08 Aug 2008 10:43:53 -0700, Dan Kaminsky wrote: > Eric Rescorla wrote: > > It's easy to compute all the public keys that will be generated > > by the broken PRNG. The clients could embed that list and refuse ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - "Ben Laurie" <benlatgoogle.com> writes: >> It's easy to compute all the public keys that will be generated >> by the broken PRNG. The clients could embed that list and refuse >> to accept any certificate containing one of them. So, this ...

New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability - Hello listmates, I've written a paper on the latest DNS security fun, and this covers the matter in pretty good detail, including a deep dive into how DNS works - all with lots of illustrations. This may provide the background to help understand it all... ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - Eric Rescorla wrote: > At Fri, 8 Aug 2008 17:31:15 0100, > Dave Korn wrote: > >> Eric Rescorla wrote on 08 August 2008 16:06: >> >> >>> At Fri, 8 Aug 2008 11:50:59 0100, >>> Ben Laurie wrote: >>> ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - Eric Rescorla <ekratnetworkresonance.com> writes: >It's easy to compute all the public keys that will be generated >by the broken PRNG. The clients could embed that list and refuse >to accept any certificate containing one of them. So, this >is distinct from CRLs in that it doesn't require knowing ...

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory - Eric Rescorla wrote on 08 August 2008 17:58: > At Fri, 8 Aug 2008 17:31:15 0100, > Dave Korn wrote: >> >> Eric Rescorla wrote on 08 August 2008 16:06: >> >>> At Fri, 8 Aug 2008 11:50:59 0100, >>> Ben Laurie wrote: ...

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory - On Fri, 8 Aug 2008, Dave Korn wrote: > Isn't this a good argument for blacklisting the keys on the client > side? Isn't that exactly what "Browsers must check CRLs" means in this context anyway? What alternative client-side blacklisting mechanism do you suggest? ...

[ GLSA 200808-09 ] OpenLDAP: Denial of Service vulnerability - - - Gentoo Linux Security Advisory GLSA 200808-09 - - - - Severity: Low Title: OpenLDAP: Denial of Service vulnerability Date: August 08, 2008 Bugs: #230269 ID: 200808-09 - - Synopsis A flaw in OpenLDAP allows remote unauthenticated attackers to cause a ...

[DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3 - Digital Security Research Group [DSecRG] Advisory #DSECRG-08-035 Application: Gallery Versions Affected: 1.5.7, 1.6-alpha3 Vendor URL: Bug: Local File Include Exploits: YES Reported: 14.07.2008 Vendor response: 15.07.2008 Solution: YES Date of Public Advisory: 08.08.2008 Authors: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru) Description *********** ...

Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory - On 8-Aug-08, at 10:11 AM, Ben Laurie wrote: > > It also only fixes this single type of key compromise. Surely it is > time to stop ignoring CRLs before something more serious goes wrong? Clearly many implementors have chosen to *knowingly* ignore CRLs ...

[ GLSA 200808-08 ] stunnel: Security bypass - - - Gentoo Linux Security Advisory GLSA 200808-08 - - - - Severity: Low Title: stunnel: Security bypass Date: August 08, 2008 Bugs: #222805 ID: 200808-08 - - Synopsis stunnel does not properly prevent the authentication of a revoked ...

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory - On Fri, Aug 8, 2008 at 5:57 PM, Eric Rescorla <ekratnetworkresonance.com> wrote: > At Fri, 8 Aug 2008 17:31:15 0100, > Dave Korn wrote: >> >> Eric Rescorla wrote on 08 August 2008 16:06: >> >> > At Fri, 8 Aug 2008 11:50:59 0100, >> > Ben Laurie wrote: ...




