Rumor: Microsoft might share information on 'extremely critical vulnerability' later today

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 14, 2020.

  1. BetA

    BetA Ancient Guru

    Messages:
    4,202
    Likes Received:
    179
    GPU:
    MSI GTX670 PEOC@1350Mhz
    there you go....


    Full CERT Report:
    https://kb.cert.org/vuls/id/849224/





    The NSA did found this one.. just on a side note.. (im pretty shure they even used it)

    Updated from Krebs
    https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/


    -- This issue was disclosed by Microsoft, who in turn credit the National Security Agency (NSA).
     
  2. DeskStar

    DeskStar Master Guru

    Messages:
    706
    Likes Received:
    96
    GPU:
    4 eVGA GTX TITAN SC
    Yuppers…. A big'ol update came in today.
     
  3. BetA

    BetA Ancient Guru

    Messages:
    4,202
    Likes Received:
    179
    GPU:
    MSI GTX670 PEOC@1350Mhz
    some more detailed information about the Crypto stuff...

    https://news.ycombinator.com/item?id=22048619


    PS... this Bug is not 20 years Old like its stated.
    This Bug was introduced "2015"!!!! with a change regarding the problems with ECDSA and NIST-Curves. Wich they changed and then this Bug was introduced...

    Here its says:
    https://tools.ietf.org/html/rfc5480

    ummm, WTF? If it says "It must not be used" WHy the hell did they do it anyway.. Maybe a wanted back/Bugdoor?
     
    Last edited: Jan 15, 2020

Share This Page