SEARCH KEYWORD -- vulnerability
Severe SSL 3.0 vulnerability to be released
According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...
SSL,Security vulnerability, The Register 2014-10-14 22:22:39
A new SSL 3.0 vulnerability named POODLE is released
Today a new SSL v3 security vulnerability is released by Google and it affects all products which is using SSL v3 protocol as this vulnerability is introduced by a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Micro...
SSL v3, vulnerability, Google, POODLE 2014-10-15 04:48:59
30 minutes to fix Java vulnerability
On September 25, Adam Gowdiak from the Polish security consulting firm Security Explorations submitted a Java security vulnerability to Oracle and provided a proof-of-concept. The vulnerability exists in Java 5 6,7, once the user accesses hosted malware site, an attacker can remotely control the infected machine.Gowdiak later got in touch again with Oracle and got the response that the fix has reached the final stage. He can expect the patch in four months later. He eventually unbearable Oracle'...
Java, Vulnerability,Fix 2012-10-29 11:53:43
Oracle released an urgent Java patch
On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...
A serious security vulnerability found in MySQL/MariaDB
Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below.When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...
How to Prevent a Data Breach: Guide For Businesses
The consequences of a data breach are nothing to joke about. From reputation damage to regulatory fines, it is a disaster for any business. So you should always strive to do your best to prevent it. But with so many steps to take, where do you even begin? Businesses of all shapes and sizes should follow this 8-step approach: 1. Outline Your Assets Your assets, whether digital or physical, should always remain in your sight. It should be the very first step you take. Picture anything that might r...
DATA SECURITY 2020-03-04 08:16:44
Is 99.8% Secure Secure?
A group of researchers (Arjen Lenstra and collaborators from EPFL Lausanne and James Hughes from Palo Alto) published a study, Ron was wrong Whit is right, of new vulnerabilities of cryptosystems. The New York Times picked up the story. Although Lenstra et al discuss several cryptosystems, their results are particularly relevant to those based on RSA. The title mirrors their conviction that cryptosystems based on a single random element have fewe...
Security,Percentage,Security index 2012-02-27 04:48:06
25 worst passwords in 2012
Weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as the password. SplashData recently announced the world's worst password list in 2012. "password","123456" and "12345678" are still at top places, while others have varying, some new passwords like "welcome" "Jesus" "ninja","mustang"and "password1 "are in the list. With the risk of password loss, SplashData CEO Morgan Slain said we hoped netw...
Open source code libraries suffer from vulnerabilities
A study of how 31 popular open source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted. The study was undertaken by Aspect Security, which evaluates software for vulnerabilities, with Sonatype, a firm that provides a central repository housing more than 300,000 libraries for downloading open source components and gets 4 billion requests pe...
Open source,Security,Vulnerability 2012-03-28 06:10:19
Secure Your Go Code With Vulnerability Check Tool
Security vulnerabilities exist in any language and any code, some are written by ourselves, but more are from the upstream dependencies, even the underlying Linux. We have discussed the security protection methods for Go and Kubernetes Image in Path to a Perfect Go Dockerfile and Image Vulnerability Scanning for Optimal Kubernetes Security, in which the security scanning was performed based on generic. As the Go community grows, more and more open-source packages have caused ...
GOVULNCHECK,GOSEC,GOLANG 2022-10-29 23:43:20
RECENT
- Tips for Socializing With Friends During College
- Proximity Cards Do More Than Just Open Doors
- How to choose quality painted auto parts
- Oval engagement rings from MoonOcean: Elegance of form and individual approach
- Hologres vs AWS Redshift
- GoLand connect to Hologres
- A journey to investigate a goroutine leakage case
- Understanding Slice Behavior in Go
- Breaking Barriers: How 3D Printing is Democratizing Product Development
- The Power of Efficiency: 10 Practical Energy-Saving Tips for Tech Startups
- more>>