Friday Squid Blogging: A Penguin Named "Squid"

18th Anniversary Post: New Species of Pygmy Squid Discovered - They're Ryukyuan pygmy squid and Hannan's pygmy squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Yes, this is the eighteenth anniversary of Friday Squid Blogging. The first squid ...
10 months ago Schneier.com

Friday Squid Blogging: A Penguin Named "Squid" - As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. ...
9 months ago Schneier.com

CVE-2024-23638 - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of ...
6 months ago

Friday Squid Blogging: New Foods from Squid Fins - We only eat about half of a squid, ignoring the fins. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. It's just a complaint; the SEC still has to prove the allegations in court. It's ...
10 months ago Schneier.com

Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs - Amazing footage of a black-eyed squid carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Corton January ...
9 months ago Schneier.com

Friday Squid Blogging: Operation Squid - Operation Squid found 1.3 tons of cocaine hidden in frozen fish. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Gay parades for all you must all be gay or kneel before the gays in ...
8 months ago Schneier.com

CVE-2024-25617 - Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote ...
7 months ago

CVE-2023-46724 - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate ...
1 year ago

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code - The woman-who has only been identified by her surname, Wang-was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone's selections arrived at the table, she posted a photo of the spread on the Chinese ...
11 months ago Schneier.com

Friday Squid Blogging: Sqids - Sqids is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven't dug into the details enough to know how they can ...
10 months ago Schneier.com

Friday Squid Blogging: Vegan Squid-Ink Pasta - It is a simple idea but probably never seen before, since it is the opposite of what most people usually want: website owners want the most data they can get and players want to choose their username/avatar. In the context of privacy, doxing and ...
9 months ago Schneier.com

Friday Squid Blogging: New Squid Species - About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and ...
4 months ago Schneier.com

CVE-2019-18678 - An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches ...
4 years ago

CVE-2023-49288 - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to ...
11 months ago Tenable.com

ISC fixed high-severity flaws in DNS software suite BIND - The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service. BIND is a suite of software for interacting with the Domain Name System maintained by the Internet Systems Consortium. The ISC released ...
1 year ago Securityaffairs.com

Tech Companies Sign Accord to Combat AI-Generated Election Trickery - Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok gathered at the Munich Security Conference to announce a new framework for how they respond to AI-generated deepfakes that deliberately trick voters. Twelve other ...
9 months ago Securityweek.com

CVE-2021-41873 - Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access ...
2 years ago

A top-secret Chinese spy satellite just launched on a supersized rocket - China's largest rocket apparently wasn't big enough to launch the country's newest spy satellite, so engineers gave the rocket an upgrade. The Long March 5 launcher flew with a payload fairing some 20 feet taller than its usual nose cone when it took ...
11 months ago Packetstormsecurity.com

CVE-2019-12525 - An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if ...
2 years ago

CVE-2023-49285 - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are ...
11 months ago Tenable.com

CVE-2024-25111 - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause ...
8 months ago Tenable.com

CVE-2020-15811 - An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser ...
3 years ago

CVE-2023-50269 - Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request ...
11 months ago Tenable.com

Stanford University investigating cyberattack after ransomware claims - Stanford University is investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed it attacked the school on Friday. A spokesperson for the university directed Recorded Future News to a statement ...
11 months ago Therecord.media

Wyze camera glitch gave 13,000 users a peek into other homes - Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. The company blames a third-party caching client library recently added to its ...
9 months ago Bleepingcomputer.com