CurveBall vunerability

For discussions about security.
Post Reply
Message
Author
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

CurveBall vunerability

#1 Post by 8Geee »

The Cryptographic API in Windows 10 is vunerable to spoofing and other naughty stuff. This is not good, as the WHOLE cryptograhic function is compromized. In particular the Edge Browser, as it faces the Wide Area Network (Outsude World).

And while this is puppy, and we don't need no stinking windows or its edge browser... quite a few people here use the Chrome Browser that is also vunerable.

And even in the write-up the Chrome aspect of the vector attack is to put it mildly in fine print.

So the Chrome Browser needs a check-up from the neck-up.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Top
User avatar
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#2 Post by perdido »

Thanks 8Geee

Reported by our friends at the NSA, no doubt after they wore it out.
CVE-2020-0601
Found this page that offers a test.
http://testcve.kudelskisecurity.com/
Link to page was posted here
The only halfway safe way to wander the interweb is with all scripting and redirecting disabled, all cookies disabled.
Only approve what you need in order to view the site you are at.
Attachments
896a23a9.jpg
(33.4 KiB) Downloaded 155 times
Top
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#3 Post by 8Geee »

When I last checked, Qualys Client Check also has it.

AtomicPup-2020... clicking on the button DOES NOT WORK. The script never runs!

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Top
Post Reply

Return to “Security”