Web vulnerability scanner
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
The world’s most used penetration testing framework
Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.
Summary: How the state should regulate the handling of zero-day vulnerabilities
For the second time in less than a week, users of the popular end-to-end encrypted #Signal messaging app have to update their desktop applications once again to patch another severe #codeinjection #vulnerability
According to recent research findings, concealing skipped Android patches by means of incremented version numbers is part of day-to-day business at some smartphone manufacturers.
The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like <img href="tla.org/TAG"/>
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
it easy to plant such HTML snippets.
There are two ways to mitigate this attack:
- Don't use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.
- Use authenticated encryption.
Efail: What you need to keep in mind now to send e-mails securely