Monthly Archives: April 2016

NVD

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.

NVD

CVE-2015-0266

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

NVD

CVE-2016-0735

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.

Hackers News

Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Crack iPhone 6

The FBI didn’t disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case.

For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order

Hackers News

What is Certificate Transparency? How It helps Detect Fake SSL Certificates

Do you know there is a huge encryption backdoor still exists on the Internet that most people don’t know about?

I am talking about the traditional Digital Certificate Management System… the weakest link, which is completely based on trust, and it has already been broken several times.

To ensure the confidentiality and integrity of their personal data, billions of Internet users blindly