PKI Archives - Page 3 of 4 - Security Affairs

Pierluigi Paganini September 19, 2015

D-Link firmware accidentally includes Code Signing Keys

The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware update. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidently published its private code signing keys inside its open source firmware packages. One of the readers of the Dutch news […]

Pierluigi Paganini July 10, 2015

OpenSSL fixes Alternative chains certificate forgery flaw

OpenSSL Foundation fixed a critical issue that impacts any application that uses the popular crypto library in the authentication processes. OpenSSL Foundation has issued a security update as announced weeks ago. The patch just released fixes a mysterious security flaw affecting the OpenSSL code library, in the last weeks, the details of the vulnerability weren’t disclosed […]

Pierluigi Paganini April 05, 2015

Google Internet Authority G2 has become untrusted due to an expired certificate

Gmail and Google Apps have noticed on Saturday that the Google Internet Authority G2 has become untrusted due to an expired digital certificate. On Saturday April 4, the Google Internet Certificate Authority G2 has become untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is an essential component of the Google PKI […]

Pierluigi Paganini March 21, 2015

Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL […]

Pierluigi Paganini January 30, 2015

Mozilla continues the phasing out of 1024-bit SSL CA certificates

Mozilla products including the Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. Mozilla products including the popular Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. With this decision Mozilla wants to stress certificate authorities (CAs) […]

Pierluigi Paganini July 29, 2014

Misusing Digital Certificates

Excerpt from the post “How Cybercrime Exploits Digital Certificates” which details means and motivation of illicit activities which abuses digital certificates. Digital certificates have been misused many times during recent years. Bad actors abused them to conduct cyber attacks against private entities, individuals and government organizations. The principal abuses of digital certificates observed by security […]

Pierluigi Paganini May 13, 2014

Who and how is using forged SSL certificates worldwide?

Who is abusing of forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new detection technique to detect the abuses. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a detection technique for man-in-the-middle attacks over SSL on a large-scale. They analyzed the data extracting useful information, including the […]

Pierluigi Paganini February 14, 2014

Unclassified NSA memorandum provides further details on Snowden case

An unclassified NSA memorandum disclosed by the NBC News reveals Snowden allegedly managed to access classified documentation stealing coworker’s passwords. The hypothesis that Edward Snowden has operated using a simple web-crawler is very curious, how is it possible that a lonely consultant had access to a so huge collection of documents from NSA archives? Why Does […]

Pierluigi Paganini December 08, 2013

French Government ANSSI responsible of a MITM against Google SSL-TLS

Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains. Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates […]

Pierluigi Paganini October 19, 2013

Apple iMessage vulnerable to MITM attack

Quarkslab researchers Cyril Cattiaux has revealed Apple lied when it claimed it could not intercept iMessages sent by its users. Quarkslab researchers Cyril Cattiaux revealed that it is possible to break encryption implemented in Apple’s iMessage application due the presence of a weakness in the key management process. The announcement was made during the Hack in the Box conference […]

PKI

D-Link firmware accidentally includes Code Signing Keys

OpenSSL fixes Alternative chains certificate forgery flaw

Google Internet Authority G2 has become untrusted due to an expired certificate

Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Mozilla continues the phasing out of 1024-bit SSL CA certificates

Misusing Digital Certificates

Who and how is using forged SSL certificates worldwide?

Unclassified NSA memorandum provides further details on Snowden case

French Government ANSSI responsible of a MITM against Google SSL-TLS

Apple iMessage vulnerable to MITM attack

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CISA released Thorium platform to support malware and forensic analysis

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Dahua Camera flaws allow remote hacking. Update firmware now

Researchers released a decryptor for the FunkSec ransomware

Apple fixed a zero-day exploited in attacks against Google Chrome users

QUICK LINKS

PKI

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!