Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.
851f74625841584a432de6c57ae431f0553eb5bb5633b06087be46e51e44f01b
Mozilla NSS NULL character CA SSL certificate validation security bypass vulnerability.
92116a1f698ebd192000a6a214b3792bd3a3666828967d60da976747919e9260
Mozilla Firefox versions up through 3.0.13 suffer from an arbitrary command execution vulnerability due to the pkcs11.addmodule function.
d27911cb4945b160c3febbb8a671498c09e9a56d2ba6f7c5749ad00881cf8fd4
DNS TXT record parsing in LibSPF2 suffers from a memory corruption vulnerability. Heap overflow exploit included for reproduction purposes.
201e0e386e4ffdd03e46d72e898dd00d190b309d864f602273579977691c6d8f
Stripwire is a tool which demonstrates vulnerabilities in md5 checks described in this paper. Contains a perl script which proves that if md5(x) == md5(y), then md5(x+q) == md5(y+q) (assuming length(x) and length(y) are 0 mod 64, and q is any arbitrary data). This is true because once two blocks converge upon the same hash, the nature of them being different has thereafter been lost.
fa4f1a1f3b2cd2098eef127cc9d5b5b38193af9ffa1fb17e7563d8a8214d60dd
Collision vulnerabilities in MD5 Checksums - It is possible to create different executables which have the same md5 hash. The attacks remain limited, for now. The attack allows blocks in the checksumm'd file to be swapped out for other blocks without changing the final hash. This is an excellent vector for malicious developers to get unsafe code past a group of auditors, perhaps to acquire a required third party signature. Alternatively, build tools themselves could be compromised to embed safe versions of dangerous payloads in each build. A tool to demonstrate these vulnerabilities is available here.
cac2fbb0fa5442eda45b2a7a2412eb69fc74e574eb60d2a15209e44acf7e5bf8
Paketto Keiretsu v1.10 implements many of the techniques described in recent here.
13498ef49b79f95d1cbf4ebf15edde6b5cfdb5a67557b8060715b30fcab27b73
Paketto Keiretsu v1.0 implements many of the techniques described in recent here.
d299bf6abe03d918e37df1c295802a96440e450cb66dda894e980338dbd31941
TCP Chorusing in the Windows 9x TCP/IP Stack - Flaws in the Windows 9x TCP/IP Stack can lead to Denial of Service attacks - this issue is not new, but the problems described by Dan Kaminsky in this article are.
86110a839ed3b556156227bd89e253bc4841d4f1fa9afec14790bc6261ee825f