Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.


computers / rocksolid.shared.security / Rumor has it that there is some massive flaw in Windows

SubjectAuthor
* Rumor has it that there is some massive flaw in WindowsGuest
+- Rumor has it that there is some massive flaw in WindowsAnonUser
`* Rumor has it that there is some massive flaw in Windowsanon
 `- Rumor has it that there is some massive flaw in Windowsanon

1
Rumor has it that there is some massive flaw in Windows

<qvl7d4$i17$1@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=96&group=rocksolid.shared.security#96

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid3!.POSTED.rocksolid3!not-for-mail
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Subject: Rumor has it that there is some massive flaw in Windows
Date: Tue, 14 Jan 2020 15:14:03 -0500
Organization: Dancing elephants
Lines: 10
Message-ID: <qvl7d4$i17$1@rocksolidbbs.com>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 14 Jan 2020 20:13:26 -0000 (UTC)
Injection-Info: rocksolidbbs.com; posting-host="rocksolid3:10.128.3.129";
logging-data="18471"; mail-complaints-to="usenet@rocksolidbbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: 6666cd76f96956469e7be39d750cc7d9 <229958>
 by: Guest - Tue, 14 Jan 2020 20:14 UTC

Guess we will know the truth tomorrow.

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles "certificate and cryptographic messaging functions in the CryptoAPI." The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft's Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.
Posted on def3

Re: Rumor has it that there is some massive flaw in Windows

<06c7696f7f5cc2e698e57c0a5d0daea7$1@rslight.i2p>

 copy mid

https://novabbs.com/computers/article-flat.php?id=97&group=rocksolid.shared.security#97

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Re: Rumor has it that there is some massive flaw in Windows
Date: Wed, 15 Jan 2020 11:34:34 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <06c7696f7f5cc2e698e57c0a5d0daea7$1@rslight.i2p>
References: <qvl7d4$i17$1@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 15 Jan 2020 11:34:34 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="22792"; mail-complaints-to="usenet@i2pn2-novalink.localdomain"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Rslight-Site: $2y$10$v.WdzVEoW7XgIRz/XkGMr.SNtKRitbw2IeUJO84DRMnK3P2eJ05M6
 by: AnonUser - Wed, 15 Jan 2020 11:34 UTC

Guest wrote:

> Guess we will know the truth tomorrow.

> https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

"A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers"

Authentication of Windows servers/clients is the most irritating part of my every day at work. Constant failures, errors, 'change your password' (which always fails). I almost welcome the complete destruction of the company's network. Maybe only then would they even consider giving up on Microsoft (they won't)

--
Posted on: rslight.i2p

Re: Rumor has it that there is some massive flaw in Windows

<9b986a65b842c6493189bc9fe55f744e@def4>

 copy mid

https://novabbs.com/computers/article-flat.php?id=99&group=rocksolid.shared.security#99

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <9b986a65b842c6493189bc9fe55f744e@def4>
Subject: Re: Rumor has it that there is some massive flaw in Windows
Date: Thu, 16 Jan 2020 15:36:24+0000
Organization: def5
In-Reply-To: <qvl7d4$i17$1@rocksolidbbs.com>
References: <qvl7d4$i17$1@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Thu, 16 Jan 2020 15:36 UTC

Like, anyone trusted Windows cryptography in the first place?

I think the general assumption has been that whatever crypto Windows came with had several back-doors to begin with... suitable maybe for keeping the kids out. Anybody who was serious uses PGP-GPG at least, or other encrypted containers.

"High value government targets" using Windows at all - pretty crazy if you ask me.

Posted on def4

Re: Rumor has it that there is some massive flaw in Windows

<0a2dcff744f63c9d93d4c5dd784dcc3f@def4>

 copy mid

https://novabbs.com/computers/article-flat.php?id=100&group=rocksolid.shared.security#100

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <0a2dcff744f63c9d93d4c5dd784dcc3f@def4>
Subject: Re: Rumor has it that there is some massive flaw in Windows
Date: Fri, 17 Jan 2020 09:31:39+0000
Organization: def5
In-Reply-To: <9b986a65b842c6493189bc9fe55f744e@def4>
References: <9b986a65b842c6493189bc9fe55f744e@def4>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Fri, 17 Jan 2020 09:31 UTC

>"High value government targets" using Windows at all - pretty crazy if you ask me.

heard that. but depends on what one wants: windows does not have bugs, but bugdoors. pretty convinient for those who know...

Posted on def4

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor