Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point

2014-06-03 Thread Greg Bromage
On Fri, 30 May 2014 15:00:39 -0500, Brandon Perry wrote: >2) Do you trust these users to understand the codebase thoroughly enough >and understand cryptography enough to not introduce stupid crypto bugs? >That is a huge caveat. It is - but it's also the risk you run with any open source crypt

Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point

2014-06-03 Thread Dave Howe
On 30/05/2014 21:00, Brandon Perry wrote: > Two issues with this: > > 1) TrueCrypt wasn't free as in freedom, it was free as in beer. These forks > break the license afaik. Not seeing this to be honest. I have taken a look at the 3.0 licence (applicable to 7.1a), and can't see any real reason to st

Re: [FD] TrueCrypt?

2014-06-03 Thread Dave Howe
On 30/05/2014 14:40, Philip Cheong wrote: > So a good friend of mine explained... > > *"...to suspect a "National Security Letter" from the FBI is just stupid. It is indeed stupid, but not for that reason. The issue we have with the current TC builds is that they are not reproducible. The source

[FD] [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies

2014-06-03 Thread Fran
I. VULNERABILITY - Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies II. BACKGROUND - Bottomline offers powerful, next-generation electronic document solutions for formatting, personali

[FD] Is Your Antivirus Tracking You? You'd Be Surprised At What It Sends

2014-06-03 Thread Ivan .Heca
http://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/ ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Bug in bash <= 4.3 [security feature bypassed]

2014-06-03 Thread Hector Marco
Hi everyone, Recently we discovered a bug in bash. Some time after reporting it to the bash developers, it has not been fixed. We think that this is a security issue because in some circumstances the bash security feature could be bypassed, allowing bash to be a valid target shell in an att

[FD] CVE-2014-1226 s3dvt Root shell (still)

2014-06-03 Thread Hector Marco
CVE-2014-1226 s3dvt Root shell (still) About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: The s3dvt developers forgot to review all the code. There is still a vulnerable function as in the previous CVE-2013-6825. At the da

[FD] CVE-2013-6825 DCMTK Root Privilege escalation

2014-06-03 Thread Hector Marco
CVE-2013-6825 DCMTK Root Privilege escalation About DCMTK: DCMTK is a collection of libraries and applications implementing large parts of the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over

[FD] CVE-2013-6876 s3dvt Root shell

2014-06-03 Thread Hector Marco
CVE-2013-6876 s3dvt Root shell About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: A vulnerability in s3dvt for versions prior to 0.2.2 allows one to obtain a root shell. Details, patches, discussion and strategy to exploit at:

[FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM

2014-06-03 Thread David Fifield
There is an HTML version of this document with screenshots at https://www.bamsoftware.com/sec/goagent-advisory.html. * GoAgent installs a root CA certificate with a known private key * Test page * Mitigation * How to remove the GoAgent certificate * Improper TLS validation ma

[FD] iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability

2014-06-03 Thread Vulnerability Lab
Document Title: iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1271; Release Date: 2014-06-02; Vulnerability Laboratory ID (VL-ID):

[FD] CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2

2014-06-03 Thread Portcullis Advisories
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 CVE: CVE-2014-0907 Vendor: IBM Product: DB2 Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5 Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a Reported by: Tim Brown Details: It ha

[FD] Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities

2014-06-03 Thread Vulnerability Lab
Document Title: Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1270; Release Date: 2014-05-30; Vulnerability Laboratory ID (VL-ID):

[FD] TigerCom My Assistant v1.1 iOS - File Include Vulnerability

2014-06-03 Thread Vulnerability Lab
Document Title: TigerCom My Assistant v1.1 iOS - File Include Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1268; Release Date: 2014-05-23; Vulnerability Laboratory ID (VL-ID):

[FD] Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability

2014-06-03 Thread Vulnerability Lab
Document Title: Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1267; Release Date: 2014-05-23; Vulnerability Laboratory ID (VL-ID):

[FD] Files Desk Pro v1.4 iOS - File Include Web Vulnerability

2014-06-03 Thread Vulnerability Lab
Document Title: Files Desk Pro v1.4 iOS - File Include Web Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1266; Release Date: 2014-05-16; Vulnerability Laboratory ID (VL-ID):

[FD] NG WifiTransfer Pro 1.1 - File Include Vulnerability

2014-06-03 Thread Vulnerability Lab
Document Title: NG WifiTransfer Pro 1.1 - File Include Vulnerability; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1260; Release Date: 2014-04-28; Vulnerability Laboratory ID (VL-ID):