I get the impression that people should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don't know... just call it a hunch? ¯\_(ツ)_/¯
CVE-2020-0601: Read @moxie's SSL And The Future Of Authenticity https://moxie.org/blog/ssl-and-the-future-of-authenticity/ … Though in this case it's not a rogue CA, but a Windows flaw that allows a certificate to claim to be issued by a CA that it wasn't. HTTPS spoofing is *one* example. Use your imagination here.
CVE-2020-0609 CVE-2020-0610: Work is already being done on reproducing the Remote Desktop Gateway (RD Gateway) unauthenticated RCE (as SYSTEM). Watch this space. https://twitter.com/MalwareTechBlog/status/1217433253096779776 …
Can you share any more details? How exactly does the spoofing work? Why does it only affect ECC?
The NSA publication has the most details about what's going on: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF … It's related to the ability with ECC to have explicitly-defined curve parameters.
I love how the NSA got the heads up on the flaw ahead of everyone else...

The NSA discovered it so yeah of course they knew before everyone else.
Were these all VEP'd or just the ECC x509 chains one?
Rdgateway is the one to freak out on if you have RDgateway set up. Not 3389, 443 and you offer up Rdweb access or Desktops via RDP or use Essentials sku or role on 2012 or later. SBS 2011 (aka Server 2008 R2 not vulnerable)
this is like christmas.
AV:N/AC:L/Au:N/C:C/I:C/A:C Lmfao just everything, eh? Easy as can be, as impactful as possible... Over the network. Thank you to the NSA and CIA, and everyone who whitehats this stuff instead of using it to make themselves billionaires.