MITM

Pierluigi Paganini July 28, 2014
Instagram Adroid App affected by account session Hijacking flaw

A security researcher disclosed a serious issue on Instagram’s Android Application which could be exploited by an attacker to impersonate a victim. A security issue related to Instagram Mobile App for Android expose the users’ account to serious risks of data breach. A security researcher discovered that the Instagram Mobile App is affected by a Hijacking vulnerability which could be […]

Pierluigi Paganini July 12, 2014
Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

Security experts at Lacoon discovered a vulnerability in the Gmail iOS app which enables a bad actor to perform a Man-in-the-Middle. Google Gmail application for iOS is exposed to risks of  Man-in-the-Middle (MitM) attacks which allow bad actors to monitor encrypted email communications. An expert at mobile security firm Lacoon has discovered that version of Gmail […]

Pierluigi Paganini June 19, 2014
LinkedIn vulnerable to MITM attack that leverages an SSL stripping could expose users data at risk

Security experts at Zimperium firm revealed that LinkedIn users could be potentially vulnerable to Man-in-the-Middle attacks leveraging an SSL stripping. A new research is scaring users of LinkedIn revealing that they could be potentially vulnerable to Man-in-the-Middle (MITM) attacks leveraging an SSL stripping. Despite the US security firm Zimperium reported the problem to LinkedIn more than a […]

Pierluigi Paganini May 13, 2014
Who and how is using forged SSL certificates worldwide?

Who is abusing of forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new detection technique to detect the abuses. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a detection technique for man-in-the-middle attacks over SSL on a large-scale. They analyzed the data extracting useful information, including the […]

Pierluigi Paganini March 21, 2014
For Google it is time to encrypt all GMail connections

Google has announced to have adopted encrypt mechanisms for all Gmail connections to reply to the increasing demand of privacy of Internet users. Google decided to encrypt all Gmail connections to reply to the increasing demand of privacy of Internet users, all the links between its data centers will be encrypted. The surveillance programs disclosed by documents leaked […]

Pierluigi Paganini March 14, 2014
WhatsApp flaw allows hackers to steal private Chats on Android devices

A security consultant disclosed a security flaw in WhatsApp which can be exploited to gain access to the private chats of Android device owners.    The recent acquisition of WhatsApp by Facebook has done much to discuss, ever a price so high was paid for an app, but major concerns relate to users’ privacy. The security consultant Bas Bosschert […]

Pierluigi Paganini March 05, 2014
GnuTLS flaw in certificate verification exposes Linux world to attacks

A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes. GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop,  all Debian and Ubuntu Linux distributions and many […]

Pierluigi Paganini March 04, 2014
SOHO pharming attack hit more that 300,000 devices worldwide

Researchers at Team Cymru published a detailed report on a large scale SOHO pharming attack that hit more that 300,000 devices worldwide. Another mass compromise of small office/home office (SOHO) wireless routers has been uncovered by researchers from security firm Team Cymru. The hackers adopted different techniques to exploit the numerous flaws discovered in the last months […]

Pierluigi Paganini February 27, 2014
FireEye discovered an Apple vulnerability which allows iOS keylogging

Researchers at FireEye have developed a POC that exploits an Apple vulnerability to implement a Background Monitoring on Non-Jailbroken iOS 7 Devices. A vulnerability in Apple products is once again the center of controversy because and also in this case the user’s privacy is at risk. The excellent team of security researchers at FireEye discovered another […]

Pierluigi Paganini February 24, 2014
Apple restores certificate validation checks mysteriously missed

Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time. Last week Apple released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network  to capture or modify […]