Re: gnutls heartbleed equivalent?

2014-06-02 Thread David Tomaschik
It's actually a memory corruption leading to remote code execution, though it's not clear how reliable the RCE is. (Possibly, if you can heap spray the client?) Technical analysis here: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/. Affects clients only. On Mon, Jun

gnutls heartbleed equivalent?

2014-06-02 Thread Doug Barton
I'm noticing this in today's Ubuntu updates: SECURITY UPDATE: memory corruption due to server hello parsing -debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c I haven't looked at the code, and the CVE referenced is simply reserved, not populated yet. But that

Re: Installing gnupg-2.022

2014-06-02 Thread Kendrick A. Eastes
Try looking here: http://www.gpg4win.org/doc/en/gpg4win-compendium.html For the most part any Windows 7+ install instructions should work. On June 1, 2014 6:24:49 AM MDT, Jose OCampo wrote: >Hi, > >I spent hours trying to figure out how to get a

Re: How to determine who signed what

2014-06-02 Thread Rejo Zenger
++ 01/06/14 19:45 +0200 - frank ernest: > Hi again, I have been browsing and downloading gpg signed files and I'm > actually been downloading the sigs! However, I'm having trouble figuring > out who signed what. Is there some way to determine this using the sig? > Perhaps it has the keys fi

encrypt timestamp file

2014-06-02 Thread Einio, Toni
Hello I like to automate encryption but what parameters I need to use for file which name is changing? Here is my command: gpg -sear --homedir e:\gnu\keys --batch --default-key private...@.fi --passphrase x "E:\Inetpub\wwwroot\usrImport_timestamp.csv" So th

How to determine who signed what

2014-06-02 Thread frank ernest
Hi again, I have been browsing and downloading gpg signed files and I'm actually been downloading the sigs! However, I'm having trouble figuring out who signed what. Is there some way to determine this using the sig? Perhaps it has the keys fingerprint in it or something. For obvious things like th

Installing gnupg-2.022

2014-06-02 Thread Jose OCampo
Hi, I spent hours trying to figure out how to get a gpg key. I was wondering if you can assist me in installing the gnupg on my windows 8.1 computer so I can get a key. Thanks!

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread ------ ------
unsubscribe 2014-06-01 16:17 GMT+02:00 Hauke Laging : > On Sun 01.06.2014, 12:54:30 Suspekt wrote: > > > But I yet have to find someone recommending to use the offline mainkey > > also for encryption/decryption of files, that are so important that > > subkey encryption/decryption is not secure

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread Robert J. Hansen
Am also not familiar with any legal tests or precedents, but the following could hypothetically just as easily be argued: The government wants you to do X; you're apparently not complying; you're now before the judge who has to decide whether the government has the power to make you do X. T

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread David Shaw
On Jun 2, 2014, at 11:30 AM, Suspekt wrote: > On 02.06.2014 17:01, David Shaw wrote: > > One problem with multiple encryption subkeys is that the person > > encrypting to you doesn't know which one to use. As things stand in > > OpenPGP clients today, unless the person encrypting explicitly > >

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread Hauke Laging
On Mon 02.06.2014, 17:30:15 Suspekt wrote: > Correct me if I'm wrong but doesn't GPG prefer the keys created last > over keys created earlier? So it would use the every-day keys by > default and use the high-security keys only if told specifically? What can possibly go wrong... -- Crypto für a

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread Daniel Kahn Gillmor
On 06/02/2014 11:30 AM, Suspekt wrote: > On 02.06.2014 17:01, David Shaw wrote: >> One problem with multiple encryption subkeys is that the person >> encrypting to you doesn't know which one to use. As things stand in >> OpenPGP clients today, unless the person encrypting explicitly >> specifies

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread Suspekt
On 02.06.2014 17:01, David Shaw wrote: > One problem with multiple encryption subkeys is that the person > encrypting to you doesn't know which one to use. As things stand in > OpenPGP clients today, unless the person encrypting explicitly > specifies which subkey to use (and not all clients eve

Re: fulldisc encryption

2014-06-02 Thread Johan Wevers
On 02-06-2014 16:43, ved...@nym.hush.com wrote: > Is there any crypto-archive that has TrueCrypt 7.1 for Ubuntu? > > (am so used to just doing; ' sudo apt-get install truecrypt ' > which doesn't work anymore because it's no longer on the truecrypt or > sourceforge site) From what I downloaded

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread vedaal
On 6/1/2014 at 10:55 AM, "David Shaw" wrote: >One reason is that in some places there are legal issues around >this. You can be legally required to give up your encryption key >to the authorities or suffer the consequences (arrest / jail / >etc). The idea is that if you have a different encr

Re: Why create offline main key without encryption capabilities

2014-06-02 Thread David Shaw
On Jun 1, 2014, at 3:25 PM, Suspekt wrote: > OK, let's take the forced-by-law-theory in account. Then the "best" way from a > pure security-standpoint in this regard would be: > 0. OFFline-mainkey (certification of own keys and other people's keys) > -> 1. OFFline-subkey (signing) > -> 2. OFFline-

Re: fulldisc encryption

2014-06-02 Thread vedaal
On 5/30/2014 at 4:55 PM, "Johan Wevers" wrote: >All other solutions I have seen so far are much more limited than >TrueCrypt: they are either for only one OS (usually windows or >Linux), >they are only focussed on whole drive encryption (TrueCrypt >containers >can be pretty useful too and wor