HackDig : Dig high-quality web security articles for hacker

A string could be used to crash Google Chrome

It seems incredible, but as already happened for Skype it is possible to crash the latest version of Google Chrome with a simple tiny URL. The flaw was discovered last week by the expert Andris Atteka, who also filed a bug report. “Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded me of
Publish At:2015-09-20 13:55 | Read:3225 | Comments:0 | Tags:Breaking News Hacking bug Chrome Pierluigi Paganini Security

OpenSSL Issues Fix for High-Severity Alternative Chains Certificate Forgery (CVE-2015-1793)

OpenSSL has released an advisory urging users to update their systems in the wake of a high-severity alternative chains certificate forgery bug. “During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails,” the advisory re
Publish At:2015-07-09 12:30 | Read:1872 | Comments:0 | Tags:Latest Security News Bug CA OpenSSL vulnerability

Beware of the text message that crashes iPhones

There's yet another iOS bug that causes Apple devices to crash when they receive text messages containing a string of special characters. With further finessing, the same exploit may be able to attack Macs, since OS X is also unable to process the same combination of characters, which are technically known as glyphs. The menacing combination of ASCII and
Publish At:2015-05-27 19:00 | Read:3356 | Comments:0 | Tags:Infinite Loop Risk Assessment Technology Lab bug denial-of-s

iPhone Crash: What You Need To Know

TL;DR Receiving a specially crafted text message with lock screen message notification enabled crashes the iPhone. An interesting thread has emerged from the popular website Reddit. A user posted that sending a message containing special characters would cause the receiving iPhone to crash. We were able to replicate this bug in iOS 8.3, and the comment th
Publish At:2015-05-27 15:25 | Read:3372 | Comments:0 | Tags:Mobile Security bug iPhone Mobile

FREAK SSL Bug Forces Security Makers to Scramble for a Fix

On March 3, security researchers noted that an age-old SSL bug—in existence for more than 10 years—allows hackers under the right conditions to exploit a man-in-the-middle attack and gain access to potentially sensitive information. FREAK (Factoring RSA-EXPORT Keys) SSL relies on outdated ‘export grade’ cryptography settings, which are still contained within
Publish At:2015-03-11 01:45 | Read:2332 | Comments:0 | Tags:Featured ThreatTrack Security Labs bug FREAK rsa SSL web bro

CVE-2014-0195: Adventures in OpenSSL’s DTLS Fragmented Land

Earlier this year, details of a remote code execution bug in OpenSSL’s DTLS implementation were published. The following is a look at the bug, its process and the different ways attackers might leverage it for exploitation: Vulnerability On a high level, the bug allows writing past the end of a buffer allocated in the heap, allowing application data or
Publish At:2014-12-08 17:40 | Read:3343 | Comments:0 | Tags:IBM X-Force Software & App Vulnerabilities Bug DTLS IBM X-Fo

Microsoft Plugs Winshock, a ‘Critical’ 19-Year-Old RCE Bug

Yesterday, Microsoft patched a significant vulnerability that has been exploitable in every version of Windows since Windows 95. Robert Freeman, Manager of IBM X-Force, a research team that analyzes attack vectors across multiple industries, first discovered the CVE-2014-6332 vulnerability back in May of this year. Since then, IBM and Microsoft have been coll
Publish At:2014-11-12 19:35 | Read:2592 | Comments:0 | Tags:Top Security Stories Bug microsoft Patch Tuesday vulnerabili

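The SSL 3.0 Vulnerability – POODLE Bug (AKA POODLEbleed)

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) that could allow the protocol to be compromised in order to intercept data that is supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566). It is worth noting that this is "not" a flaw in SSL certificates, their private keys, or their design, but an existing problem in the old SSLv3 protocol. SSL certificates are not affected, and customers with certificates on servers that support SSL 3.0 do not need to replace them. It is believed that this bug is not on par with the OpenSSL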
Publish At:2014-11-05 06:50 | Read:5300 | Comments:0 | Tags:Security Security Community Blog Web Security.cloud Website

The SSL 3.0 Vulnerability – POODLE Bug (AKA POODLEbleed)

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Lega
Publish At:2014-10-16 01:45 | Read:3251 | Comments:0 | Tags:Security Website Security Solutions Website Security Solutio

Watch Out! iOS 8 ‘Reset All Settings’ Bug Could Wipe your iCloud Files

It may seem blasphemous for iPhone fanatics to question the safety of iOS, but increasingly cracks appear to be forming in the previously-considered, comparatively safe harbour of Apple. In just the last few weeks, we've had Apple Macs recruited into botnets by Reddit-driven malware, jailbroken iPhones targeted by "fully operation Chinese iOS Trojans," and a
Publish At:2014-10-07 22:30 | Read:2949 | Comments:0 | Tags:Security & Privacy bug iCloud iCloud Drive iOS 8 Reset All S

How to check if you are vulnerable to shellshock

The newest and most dangerous bug around is the one called “shellshock”, a security bug in the widely used Unix Bash shell which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands.
Publish At:2014-09-30 01:10 | Read:3294 | Comments:0 | Tags:Guides News attackers bash bug computers linux server web sh

Apple pulls iOS 8.0.1 update, tells users to roll back to iOS 8

On Wednesday, Apple released iOS 8.0.1 - an update to its major new mobile operating system - and thereby knocked cellular service out and disabled Touch ID for many users of its latest iPhone 6 and 6 Plus gadgets. Users were unhappy and to add insult to injury, many of them couldn't even use their phones to gripe at Apple, as Twitter users moaned: Rich DeMuro
Publish At:2014-09-26 03:40 | Read:2939 | Comments:0 | Tags:Apple Featured iOS Mobile Bug HealthKit iOS 8 iPhone 6 iPhon

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Here's a quick note to remind all Firefox users that Mozilla just snuck out a point release. Usually, if everything goes according to plan, Firefox updates appear every six weeks. The last major update delivered version 32.0 on Mozilla's most recent Fortytwosday (2014-09-03). But if needs must, Mozilla delivers in-between updates, too. That's what has happened h
Publish At:2014-09-14 22:20 | Read:2900 | Comments:0 | Tags:Featured Firefox Vulnerability Bug DOS fortytwosday rce SSL
