Security Alerts & News
by Tymoteusz A. Góral

#664 Steam patches broken crypto in wake of replay, padding Oracle attacks
The digital gaming platform Steam was quick to patch a cryptographic issue in its client recently that could have allowed an attacker to read sensitive information sent over its network, take over an account, or view plain-text passwords.

Valve, the Bellevue, Wash.-based video game developer that oversees the platform, rolled out new code on its servers late last year to address a handful of issues in its crypto brought to light by a researcher. The private disclosure included flaws he used to mount a man-in-the-middle attack, a replay attack, and a padding oracle attack. The researcher strung together those flaws to determine that with enough tries he could glean user information from the service.
#665 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat
#663 Firefox 46 patches critical memory vulnerabilities
#662 Cisco: Tuto4PC utilities silently install 12M backdoors
#661 RuMMS: The latest family of Android malware attacking users in Russia via SMS phishing
#660 Hundreds of Spotify credentials appear online – users report accounts hacked
#659 Hacking group “PLATINUM” used Windows’ own patching system against it
#658 If you use Waze, hackers can stalk you