Ticketmaster. Some 66,000 customers who purchased tickets with a credit card
from the Kartenhaus.de web site between October 24, 2006 and September 30,
2007 were affected.
WHID 2007-60: The blog of a Cambridge University security team hacked
=====================================================================
Reported: 19 December 2007, Occurred: 27 October 2007
Classifications:
> Ticketmaster. Some 66,000 customers who purchased tickets with a credit card
> from the Kartenhaus.de web site between October 24, 2006 and September 30,
> 2007 were affected.
>
>
> WHID 2007-60: The blog of a Cambridge University security team hacked
> =====================================================================
> Reported: 19 December 2007, Occurred: 27 October 2007
>
> Classifications:
>
Ticketmaster. Some 66,000 customers who purchased tickets with a credit card
from the Kartenhaus.de web site between October 24, 2006 and September 30,
2007 were affected.
WHID 2007-60: The blog of a Cambridge University security team hacked
=====================================================================
Reported: 19 December 2007, Occurred: 27 October 2007
Classifications:
Ticketmaster. Some 66,000 customers who purchased tickets with a credit card
from the Kartenhaus.de web site between October 24, 2006 and September 30,
2007 were affected.
WHID 2007-60: The blog of a Cambridge University security team hacked
=====================================================================
Reported: 19 December 2007, Occurred: 27 October 2007
Classifications:
> Security Advisory (08-AUG-2008) (CVE-2008-3280)
> ===============================================
>
> Ben Laurie of Google's Applied Security team, while working with an
> external researcher, Dr. Richard Clayton of the Computer Laboratory,
> Cambridge University, found that various OpenID Providers (OPs) had
> TLS Server Certificates that used weak keys, as a result of the Debian
> Predictable Random Number Generator (CVE-2008-0166).
>
> In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and
> the fact that almost all SSL/TLS implementations do not consult CRLs
Security Advisory (08-AUG-2008) (CVE-2008-3280)
===============================================
Ben Laurie of Google's Applied Security team, while working with an
external researcher, Dr. Richard Clayton of the Computer Laboratory,
Cambridge University, found that various OpenID Providers (OPs) had
TLS Server Certificates that used weak keys, as a result of the Debian
Predictable Random Number Generator (CVE-2008-0166).
In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and
the fact that almost all SSL/TLS implementations do not consult CRLs
Peeter Lorents, CCDCOE
Samuel Liles, Purdue University Calumet
Scott J. Shackelford, University of Cambridge
Simona Rocchi, NATO NC3A
Terry Pudas, Daniel Kuehl, US National Defence University
