If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
For the first time ever, the NSA publicly disclosed a vulnerability - U.S. Government Issues Critical Windows 10 ¡Update Now¢ Alert
o U.S. Government Issues Critical Windows 10 'Update Now' Alert
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/ "Indeed, it was the NSA itself that discovered the vulnerability and reported it to Microsoft. This is, Neuberger confirmed, the first time that the NSA had publicly disclosed a vulnerability to a software vendor." "Malicious software could masquerade as legitimate software that has been authenticated and signed by a trusted source; malware detection could be negatively impacted as a result. Furthermore, browsers that rely upon Windows CryptoAPI could be fooled by a maliciously signed digital certificate and so no warnings would be issued if a threat actor were to then decrypt data or inject malicious data." "Even before Microsoft itself disclosed the details of CVE-2020-0601, a Windows CryptoAPI spoofing vulnerability, the NSA had confirmed the importance of both the flaw and the fix. Anne Neuberger, director of the NSA Cybersecurity Directorate, warned that the issue "makes trust vulnerable." CISA, via the National Cyber Awareness System, has published an alert titled "Critical Vulnerabilities in Microsoft Windows Operating Systems." https://www.us-cert.gov/ncas/alerts/aa20-014a See also: o New Windows 10 'Extraordinarily Serious' Security Warning https://www.forbes.com/sites/daveywinder/2020/01/14/windows-10-extraordinarily-serious-security-warning-for-900-million-users/ |
Ads |
#2
|
|||
|
|||
For the first time ever, the NSA publicly disclosed a vulnerability - U.S. Government Issues Critical Windows 10 ¡Update Now¢ Alert
On Sat, 18 Jan 2020 18:51:06 -0000 (UTC), Arlen Holder wrote:
browsers that rely upon Windows CryptoAPI could be fooled Does anyone know which freeware browsers "rely upon Windows CryptoAPI"? |
#3
|
|||
|
|||
Arlencia faggot
Such a loser you need to reply to
yourself, Arlencia? |
#4
|
|||
|
|||
For the first time ever, the NSA publicly disclosed a vulnerability - U.S. Government Issues Critical Windows 10 ¡Update Now¢ Alert
On Sat, 18 Jan 2020 18:52:57 -0000 (UTC), Arlen Holder wrote:
Does anyone know which freeware browsers "rely upon Windows CryptoAPI"? Apparently the Chrome freeware browser already patched it. https://www.bleepingcomputer.com/news/security/how-malware-gains-trust-by-abusing-the-windows-cryptoapi-flaw/ "To protect users, Chrome added protections that block users from accessing sites using these spoofed certificates." o Google Chrome Adds Protection for NSA's Windows CryptoAPI Flaw https://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/ Since it's _already_ in the wild, the NSA losing nothing by advertising it. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|