Feed aggregator

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 8 hours 30 min ago

Posted by john on Sep 02

Or just use an SSHFP record in a signed zone
Categories:

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 8 hours 39 min ago

Posted by Jeroen van der Ham on Sep 02

Hi,

There is a way now, using the “magic” of DNSSEC and SSHFP records: http://tools.ietf.org/html/rfc4255

You use the DNSSEC hierarchy to create a trust chain. You can then securely publish a signed fingerprint of your SSH
host key for that specific machine.

Jeroen.
Categories:

[SECURITY] [DSA 3015-1] lua5.1 security update

BugTraq Latest Security Advisories - 8 hours 49 min ago

Posted by Florian Weimer on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-3015-1 security () debian org
http://www.debian.org/security/ Florian Weimer
September 01, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lua5.1
CVE ID : CVE-2014-5461

A heap-based...
Categories:

[SECURITY] [DSA 3016-1] lua5.2 security update

BugTraq Latest Security Advisories - 8 hours 58 min ago

Posted by Florian Weimer on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-3016-1 security () debian org
http://www.debian.org/security/ Florian Weimer
September 01, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lua5.2
CVE ID : CVE-2014-5461

A heap-based...
Categories:

Re: [FD] SSH host key fingerprint - through HTTPS

Posted by maxigas on Sep 02

From: John Leo <johnleo () checkssh com>
Subject: [FD] SSH host key fingerprint - through HTTPS
Date: Mon, 01 Sep 2014 12:41:17 +0800

Excellent point and thanks for the tool! Indeed, fingerprint
verification is the absolute weak point of SSH. Here the problem
is that you have to trust the service operators when you use
checkssh or set up your own. Is the source code available
somewhere?

Also, a better solution is to use Monkeysphere which...
Categories:

Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability

Avira License Application - Cross Site Request Forgery Vulnerability
Categories:

Bugtraq: Re: SSH host key fingerprint - through HTTPS

Re: SSH host key fingerprint - through HTTPS
Categories:

Vuln: Oracle Java SE CVE-2014-0446 Remote Security Vulnerability

Oracle Java SE CVE-2014-0446 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-0453 Remote Security Vulnerability

Oracle Java SE CVE-2014-0453 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-0457 Remote Code Execution Vulnerability

Oracle Java SE CVE-2014-0457 Remote Code Execution Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-0456 Remote Code Execution Vulnerability

Oracle Java SE CVE-2014-0456 Remote Code Execution Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-2427 Remote Security Vulnerability

Oracle Java SE CVE-2014-2427 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-2423 Remote Security Vulnerability

Oracle Java SE CVE-2014-2423 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-2414 Remote Security Vulnerability

Oracle Java SE CVE-2014-2414 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2014-2412 Remote Security Vulnerability

Oracle Java SE CVE-2014-2412 Remote Security Vulnerability
Categories:

Vuln: WordPress WebEngage Plugin Multiple Cross Site Scripting Vulnerabilities

WordPress WebEngage Plugin Multiple Cross Site Scripting Vulnerabilities
Categories:

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1533 Multiple Memory Corruption Vulnerabilities

Mozilla Firefox/Thunderbird CVE-2014-1533 Multiple Memory Corruption Vulnerabilities
Categories:

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1541 Memory Corruption Vulnerability

Mozilla Firefox/Thunderbird CVE-2014-1541 Memory Corruption Vulnerability
Categories:

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1538 Memory Corruption Vulnerability

Mozilla Firefox/Thunderbird CVE-2014-1538 Memory Corruption Vulnerability
Categories:

Vuln: QEMU 'virtio_load()' Function Memory Corruption Vulnerability

QEMU 'virtio_load()' Function Memory Corruption Vulnerability
Categories: