Monthly Archives: April 2016

Debian

DSA-3547 imagemagick – security update

Several vulnerabilities were discovered in Imagemagick, a program suite for
image manipulation. This update fixes a large number of potential security
problems such as null-pointer access and buffer-overflows that might lead
to memory leaks or denial of service. None of these security problems have
a CVE number assigned.

Full Disclosure

end of useable crypto in browsers?

Posted by Árpád Magosányi on Apr 09

Hi,

This is not a security vulnerability in itself, “just” a trend
undermining the trust architecture of the whole internet 🙂

I think it is very important, and wonder why I don’t see any discussion
of it. If this is not the right forum to discuss it, please direct me to
the right place.

The problem is:

Browser developers are dropping support for X509 key generation.
Yes, <keygen> have its problems. But window.crypto -…

Hackers News

No Password Required! 135 Million Modems Open to Remote Factory Reset

More than 135 Million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off the Internet access.

The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely-used cable modem, the Arris SURFboard SB6141, used in Millions of US households.

Security researcher David Longenecker

Hackers News

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

Do you own a custom domain or a blog under the wordpress.com domain name?
If yes, then there is good news for you.
WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure.
WordPress – free, open source and the most popular a content management system (CMS) system on the Web – is being used by over a quarter of all websites across