Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.

Google to Fix Location Data Leak in Google Home, Chromecast

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.

Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable

Facebook has paid a group of researchers a bug bounty prize for notifying the company of a severe vulnerability based on a slight modification of an encryption bug from 1998 that was until now presumed to be patched by most major websites, Forbes reported. The researchers say many more websites could be vulnerable. The trio of researchers – Hanno Böck and Juraj Somorovsky from Germany, and Craig Young from the United States – dubbed the vulnerability “ROBOT” in a blog post published on Tuesday and say that it could affect subdomains on 27 of the top 100 websites on Alexa, the web traffic analytics website. The bug can let a hacker sit between a user and a website’s server and intercept private information, such as passwords. The vulnerability is based on the 19-year-old Bleichenbacher attack, by which an attacker can figure out how to break through a website’s encryption using a barrage of queries. […]

The post Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable appeared first on Cyberscoop.
