はてなブックマーク

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [thread-next>] [day] [month] [year] [list] Message-ID: <20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de> Date: Fri, 29 Mar 2024 08:51:26 -0700 From: Andres Freund <andres@...razel.de> To: oss-security@...ts.openwall.com Subject: backdoor in upstream xz/liblzma leading to ssh server compromise Hi, After obse

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [day] [month] [year] [list] Message-ID: <ZMt8hi5vahYgLG2-@kasco.suse.de> Date: Thu, 3 Aug 2023 12:08:05 +0200 From: Matthias Gerstner <mgerstner@...e.de> To: oss-security@...ts.openwall.com Subject: Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authenticat

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [thread-next>] [day] [month] [year] [list] Message-ID: <20210720123335.GA19170@localhost.localdomain> Date: Tue, 20 Jul 2021 12:36:11 +0000 From: Qualys Security Advisory <qsa@...lys.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE-2021-33909: size_t-to-int vulnerabilit

Password authentication for web and mobile apps (e-book) yescrypt - scalable KDF and password hashing scheme yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt. This implementation is able to compute native yescrypt hashes as well as classic scrypt. For a related proof-of-work (PoW) scheme, see yespower instead. Download t

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [day] [month] [year] [list] Message-ID: <nycvar.QRO.7.76.6.2103091555260.50@tvgsbejvaqbjf.bet> Date: Tue, 9 Mar 2021 16:03:37 +0100 (CET) From: Johannes Schindelin <Johannes.Schindelin@....de> To: oss-security@...ts.openwall.com cc: git-security@...glegroups.com, Matheus Tavares <matheus.bernardino@....br> Sub

John the Ripper password cracker John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, "web apps" (e.g., WordPress), groupware (e.g., Notes/Domino), and databas

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [thread-next>] [day] [month] [year] [list] Message-ID: <20190109190249.GD21791@localhost.localdomain> Date: Wed, 9 Jan 2019 11:02:49 -0800 From: Qualys Security Advisory <qsa@...lys.com> To: oss-security@...ts.openwall.com Subject: System Down: A systemd-journald exploit Qualys Security Advisory System Down: A

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [thread-next>] [day] [month] [year] [list] Message-ID: <20170530151629.GA19040@localhost.localdomain> Date: Tue, 30 May 2017 08:16:29 -0700 From: Qualys Security Advisory <qsa@...lys.com> To: oss-security@...ts.openwall.com Subject: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() fo

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] Message-ID: <57292879.7050303@gmail.com> Date: Wed, 4 May 2016 01:38:49 +0300 From: Karim Valiev <valievkarim@...il.com> To: oss-security@...ts.openwall.com Subject: Re: ImageMagick Is On Fire -- CVE-2016-3714 The exploit was posted at Hacker News comme

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] Message-ID: <20150513212040.GA22701@suse.de> Date: Wed, 13 May 2015 23:20:40 +0200 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: VENOM - CVE-2015-3456 On Wed, May 13, 2015 at 11:57:20PM +0300, Solar Designer w

Follow @Openwall on Twitter for new release announcements and other news [<prev] [next>] [thread-next>] [day] [month] [year] [list] Message-ID: <20150127162936.GB18888@localhost.localdomain> Date: Tue, 27 Jan 2015 08:29:36 -0800 From: Qualys Security Advisory <qsa@...lys.com> To: oss-security@...ts.openwall.com Subject: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer ove

Follow @Openwall on Twitter for new release announcements and other news yescrypt: password hashing scalable beyond bcrypt and scrypt These are the slides on yescrypt that we used at PHDays 2014. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC 2012), New developments in password hashing: ROM-por

Follow @Openwall on Twitter for new release announcements and other news Password security: past, present, future These are the slides we used at PHDays 2012 and Passwords^12 (with major updates). In a sense, this presentation is continued with Password hashing at scale (YaC 2012) and New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), so please check those out as well

Follow @Openwall on Twitter for new release announcements and other news Password hashing at scale These are the slides we used at YaC 2012. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12) and it is continued with New developments in password hashing: ROM-port-hard functions (ZeroNights 2012) and yescrypt: password hashing sca

Follow @Openwall on Twitter for new release announcements and other news Software you can find here (what's new?): Openwall GNU/*/Linux security-enhanced Linux distribution for servers Linux Kernel Runtime Guard (on its own website) John the Ripper password cracker for Linux, Mac, Windows, ... (and wordlists for use with it and with other tools) passwdqc - password strength checking and enforcemen

107 Recent messages: 2025/07/22 #1: [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials … (Rita Zhang <rita.z.zhang@...il.com>) 2025/07/21 #3: Re: CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution (Moritz Bechler <mbechler@...terphace.org>) 2025/07/21 #2: CVE-2025-50151: Apache Jena: Configurat

Password authentication for web and mobile apps (e-book) Portable PHP password hashing framework Please note that password hashing is often wrongly referred to as "password encryption". Hashing is a more appropriate term since encryption is something that is supposed to be easily reversible. phpass (pronounced "pH pass") is a portable public domain password hashing framework for use in PHP applica

Follow @Openwall on Twitter for new release announcements and other news Openwall wordlists collection This wordlists collection is a result of processing many hundreds of public domain wordlist files from multiple sources and in a variety of file formats. Most files were rejected for being duplicates or for poor quality, but a few hundred remained and went into the combined wordlists you will fin