Windows CryptoAPI の深刻ななりすまし脆弱性を悪用する

January 26, 2023 📢 ℕ𝔸𝕊𝔸™

by Tomer Peled and Yoni Rozenshein Editorial and additional contributions by Tricia Howard Executive summary Akamai Security Research recently analyzed a critical vulnerability in Windows CryptoAPI that was disclosed by the National Security Agency (NSA) and the National Cyber Security Center (NCSC) to Microsoft. The vulnerability, assigned CVE-2022-34689, has a CVSS score of 7.5. It…

anti-Mastodon, Ask HN, Auto-Generate, Billionaires, Blockchain, coding, computer science, Critical, CRYPTO, Exploiting, Show HN, Technology, TOP HN

Linux カーネルでのヌル逆参照の悪用

January 19, 2023 📢𝕊𝕡𝕒𝕔𝕖𝕏™

Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However with…

anti-Mastodon, Ask HN, Auto-Generate, Billionaires, Blockchain, coding, computer science, CRYPTO, Exploiting, null-dereferences, Show HN, Technology, TOP HN