Sign up for our weekly newsletter!
REGISTER NOW
Comments
Newest First | Oldest First | Threaded View
LarryLoeb
LarryLoeb
2/8/2018 6:49:44 AM
User Rank
Author
Re: How to guides for bad guys...?
@mhhfive

These guys did have some suggestions for mitigation.

But to have an exploitable channel in X.509 certs is a big deal.

I just wonder if someone in the NSA is cursing under their breath that someone found this one. It could have been hiding in plain sight for a long time.

50%
50%
mhhfive
mhhfive
2/7/2018 9:17:37 PM
User Rank
Guardian
How to guides for bad guys...?
It's good to see researchers pushing the envelope of vulnerabilities, but maybe they should have more patch suggestions before they publish their how-to guides? I know it's not always possible, but it does seem like there's an advantage given to the black hats who are handed these exploits which they can modify as they see fit to evade detection or to make more pernicious.

50%
50%


Latest Articles
Some startups need to shape up or ship out.
Hardware for security may just get hot.
There is a protocol in Windows that has been around since the days of Windows XP, which has been found to be insecure.
Establishing a business-focused security assurance program is a long-term, ongoing investment.
A syntax construct inside the TCL language is allowing injection attacks to occur.
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with