The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library.
A vulnerability in some versions of Mozilla NSS could lead to a security bypass. The flaw is a variant of the RSA signature verification vulnerability discovered in 2006. It is caused by an error in the checking of the signature padding, allowing an attacker to forge a signature without the need to know the private RSA keys. Successful exploitation could allow an attacker to bypass SSL authentication in any domain, and intercept and monitor secure traffic.
Mozilla have released an update to resolve this issue and public details have been disclosed.
Mozilla Foundation Security Advisory 2014-73
McAfee Threat Advisory MTIS14-147
Wednesday 24 September 2014
Monday 15 September 2014
Microsoft Release AzureAD Basic
Microsoft have recently released their Mid-Tier AzureAD offering, in addition to AzureAD Free and AzureAD Premium.
This new offering is geared towards Enterprises who want to equip their 'deskless' employees with an Active Directory integrated Sign On experience without the Multifactor Authentication and similar features not required for these types of users.
This new offering is geared towards Enterprises who want to equip their 'deskless' employees with an Active Directory integrated Sign On experience without the Multifactor Authentication and similar features not required for these types of users.
Thursday 11 September 2014
McAfee Product Specialist - ePO
Monday 8 September 2014
McAfee Threat Intelligence Exchange RC available to download
McAfee have annouced that the 'Release Candidate for their new Threat Intelligence Exchange Architecture and Endpoint enabled products is now available to download frrom the TIE Beta Community.
Subscribe to:
Posts (Atom)