Blogs

Security Team creates a Rogue CA by targeting MD5 weaknesses

http://www.win.tue.nl/hashclash/rogue-ca/

A group that presented at the Chaos Communication Congress in Berlin
showed the ability to convert a non-CA certificate into a CA
certificate, breaking the trust of the PKI.

This was done by using a large array of fast computers (200 PlayStation
3s) to create a CSR that would force a weakly signed certificate.
Normally, this certificate would not be allowed to sign other CSRs.

Zero day (2008-12-10) exploit for Internet Explorer (961051)

http://www.microsoft.com/technet/security/advisory/961051.mspx
http://isc.sans.org/diary.html?storyid=5458

This vulnerability affects Internet Explorer in XP SP3, Vista SP0, SP1,
and Server 2008.

This vulnerability was not fixed in MS08-073, which was released on
2008-12-09 (Patch Tuesday).

Multiple vulnerabilities found in Drupal Core <5.13 and <6.7

http://drupal.org/user/124982

This bug affects the update mechanism in Drupal. Via cross-site
scripting, a malicious user may be able to cause the superuser to
execute old updates that may damage the database.

Upgrading to 5.13 or 6.7 will mitigate the bug. Alternatively, a patch
is available that will fix this bug, although it will not include the
other non-security fixes in the code.

Multiple vulnerabilities in Adobe Acrobat Reader

http://secunia.com/advisories/29773/
http://www.kb.cert.org/vuls/id/593409

Multiple vulnerabilities in Adobe Acrobat/Reader in versions <8.1.3
could lead to arbitrary code execution when a user opens a malicious PDF
file.

There are known exploits for these vulnerabilities. Users should use
caution when opening PDF files and upgrade to version 8.1.3 or 9 of
Adobe Acrobat/Reader.
