Monthly Archives: March 2015

NVD

CVE-2015-1637 (windows_2003_server, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)

Leave a comment

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue.

Security

Confusion Reigns Over FBI’s Plans for National Security Letter Gag Orders

Leave a comment

The way that National Security Letters are approved and used is one of the government’s more opaque processes. Now, you can add some more confusion into the mix, courtesy of some new comments from the FBI about when recipients are able to disclose the fact that they have received an NSL. More than a year […]

Security

Adobe Starts Vulnerability Disclosure Program on HackerOne

Leave a comment

Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.