Rocksolid Light

Welcome to novaBBS

register   nodelist   faq  

To request a group be added, ask in Rocksolid Nodes and specify 'novabbs'


rocksolid / Security / Re: Rumor has it that there is some massive flaw in Windows

SubjectAuthor
* Rumor has it that there is some massive flaw in WindowsGuest
+- Re: Rumor has it that there is some massive flaw in WindowsAnonUser
`* Re: Rumor has it that there is some massive flaw in Windowsanon
 `- Re: Rumor has it that there is some massive flaw in Windowsanon

Subject: Rumor has it that there is some massive flaw in Windows
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Organization: Dancing elephants
Date: Tue, 14 Jan 2020 20:14 UTC
Guess we will know the truth tomorrow.

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles "certificate and cryptographic messaging functions in the CryptoAPI." The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft's Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.
Posted on def3


Subject: Re: Rumor has it that there is some massive flaw in Windows
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Wed, 15 Jan 2020 11:34 UTC
Guest wrote:

Guess we will know the truth tomorrow.

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

"A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers"

Authentication of Windows servers/clients is the most irritating part of my every day at work. Constant failures, errors, 'change your password' (which always fails). I almost welcome the complete destruction of the company's network. Maybe only then would they even consider giving up on Microsoft (they won't)

--
Posted on: rslight.i2p


Subject: Re: Rumor has it that there is some massive flaw in Windows
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Thu, 16 Jan 2020 15:36 UTC

Like, anyone trusted Windows cryptography in the first place?

I think the general assumption has been that whatever crypto Windows came with had several back-doors to begin with... suitable maybe for keeping the kids out.  Anybody who was serious uses PGP-GPG at least, or other encrypted containers.  "High value government targets" using Windows at all - pretty crazy if you ask me.

Posted on def4


Subject: Re: Rumor has it that there is some massive flaw in Windows
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Fri, 17 Jan 2020 09:31 UTC

"High value government targets" using Windows at all - pretty crazy if you ask me.

heard that. but depends on what one wants: windows does not have bugs, but bugdoors. pretty convinient for those who know...

Posted on def4


1
rocksolid light 0.6.5f
clearnet i2p tor