Pierluigi Paganini July 09, 2012
Cyberoam DPI vulnerability scares Tor

Last week, blog.torproject.org published news of a security vulnerability found in Cyberoam DPI devices (CVE-2012-3372). It all started when a user in Jordan reported seeing a fake certificate for torproject.org. The certificate was issued by Cyberoam, and the researchers of the Tor Project believed that the CA had been tricked […]

Pierluigi Paganini February 03, 2012
VeriSign Hacked. Why?

There is no peace in cyberspace: day after day we read that the computer systems of major corporations and governments are compromised due to repeated cyber attacks. This time it was the prestigious VeriSign, a name that in our minds we link to the concept of “strong security”, but we are learning that the total security […]

Pierluigi Paganini December 24, 2011
Iran, the cyber threat … are we creating a new enemy ?

“Iran, the superpower capable of threatening the world”. This is the title of a hypothetical sensationalist article aimed at exalting the computer skills of a nation about which little is known. In recent weeks a strange coincidence of events has been helping to fuel this belief, leading the majority of Western countries to perceive these […]

Pierluigi Paganini December 15, 2011
2011, CAs are under attack. Why steal a certificate?

2011 was a terrible year for certification authorities: the number of successful attacks reported against some major companies is really high and beyond any prediction. Many attacks have had disturbing consequences. It all began, or so we were led to believe, with the Comodo case. Comodo officials revealed that the registration authority had […]

Pierluigi Paganini December 01, 2011
“Mobile” intrigue … A prying eyes to carry around …

Let us use these ingredients to start some serious reflection on safety issues related to mobile devices: robust growth in the mobile market, accompanied by technological advances that have made these devices real PCs; no awareness among those who use mobile terminals of the threats that they face; 2011, the year of overtaking sales of […]

Pierluigi Paganini November 20, 2011
Elude control … let’s digitally sign malware code

F-Secure researchers have discovered digitally signed malware whose code is signed with a stolen government certificate belonging to the Malaysian Agricultural Research and Development Institute. The issue has long been known, and this attack method has triggered a widespread lack of confidence in trust processes based on the use of certificates. The impairment […]

Pierluigi Paganini November 08, 2011
SSL replacement? Convergence for replacing CA … Maybe

After the DigiNotar case, another certification authority, the Dutch KPN, has released a statement announcing the termination of its service following the discovery that it has been compromised. KPN stopped issuing certificates after the detection of a DDoS tool on a server during an audit. Initial investigations have shown that the CA was attacked four years ago. What is really scary about the KPN story is that the same company, even before being a CA, is a state telephone company, and this opens up frightening scenarios on the security […]