So, about THAT GnuTLS session ticket bug (CVE-2020-13777)

It’s been almost two weeks now since I discovered the bug in GnuTLS now known as CVE-2020-13777. The report is issue #1011 on the GnuTLS bug tracker. Here I want to talk a bit about how I discovered the bug and some thoughts on its impact. Session resumption for mod_gnutls I was working on …

Secret Cask Structure

As you may have heard, TEPCO started removing fuel elements from the spent fuel pool of reactor 4 at Fukushima Daiichi NPP. Looking through some images of the operation TEPCO released this Friday, I noticed a peculiar note: “These photos include information concerning physical protection, etc. and therefore include altered parts.” Obviously, I immediately became …

No Access to Passwords!

Recently, here in Germany several laws were passed concerning law enforcement access to user data stored with internet access or service providers, like mail, social media or cloud storage. There are all kinds of things wrong with those laws, threatening privacy in principle, being overly broad, and severely lacking controls (details vary by state, summary …

Reading Recommendation: “The Boston Marathon Bombing: Keep Calm and Carry On”

I’ve written about damage done by fear before, and here’s another example. Just one day after the bombing at the Boston Marathon, politicians here in Germany are calling for new surveillance laws. The same politicians who are always in favor of more surveillance, of course. This is terribly disrespectful towards the victims and their families, …

Not Just A Nokia Problem!

“Death Twitches: Nokia Caught Wiretapping Encrypted Traffic From Its Handsets” You’ve probably heard about the Nokia wiretapping thing already, but if not the link above will fill you in. This is another example of why it is bad that phone manufacturers usually remain in control of phones after sale, and it’s not just a Nokia problem.

GnuTLS and GLib, Part 1: Threads

[Edit (2011-12-25)] It looks like the way to select the mutex functions changed slightly since I published this post. Please consult the current documentation to see the difference! [/Edit] When a network application needs privacy and possibly authentication, using SSL or TLS is often the solution. One of the libraries that are commonly used …
