The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware update. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidently published its private code signing keys inside its open source firmware packages. One of the readers of the Dutch news […]
OpenSSL Foundation fixed a critical issue that impacts any application that uses the popular crypto library in the authentication processes. OpenSSL Foundation has issued a security update as announced weeks ago. The patch just released fixes a mysterious security flaw affecting the OpenSSL code library, in the last weeks, the details of the vulnerability weren’t disclosed […]
Gmail and Google Apps have noticed on Saturday that the Google Internet Authority G2 has become untrusted due to an expired digital certificate. On Saturday April 4, the Google Internet Certificate Authority G2 has become untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is an essential component of the Google PKI […]
Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL […]
Mozilla products including the Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. Mozilla products including the popular Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. With this decision Mozilla wants to stress certificate authorities (CAs) […]
Excerpt from the post “How Cybercrime Exploits Digital Certificates” which details means and motivation of illicit activities which abuses digital certificates. Digital certificates have been misused many times during recent years. Bad actors abused them to conduct cyber attacks against private entities, individuals and government organizations. The principal abuses of digital certificates observed by security […]
Who is abusing of forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new detection technique to detect the abuses. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a detection technique for man-in-the-middle attacks over SSL on a large-scale. They analyzed the data extracting useful information, including the […]
An unclassified NSA memorandum disclosed by the NBC News reveals Snowden allegedly managed to access classified documentation stealing coworker’s passwords. The hypothesis that Edward Snowden has operated using a simple web-crawler is very curious, how is it possible that a lonely consultant had access to a so huge collection of documents from NSA archives? Why Does […]
Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains. Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates […]
Quarkslab researchers Cyril Cattiaux has revealed Apple lied when it claimed it could not intercept iMessages sent by its users. Quarkslab researchers Cyril Cattiaux revealed that it is possible to break encryption implemented in Apple’s iMessage application due the presence of a weakness in the key management process. The announcement was made during the Hack in the Box conference […]