Pierluigi Paganini March 31, 2021
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]

Pierluigi Paganini May 07, 2018
Chrome freezes PC running Windows OS after Windows 10 April update

Some Chrome users are reporting freezes and timeouts after the installation of the Windows 10 April Update, let’s see what has happened After the installation of  Windows 10 April Update I observed continuous freezes while using the Chrome browser with one of my PCs, in some cases, I was not able to reach the websites […]

Pierluigi Paganini March 30, 2018
Ensuring best website security through SSL Certificate updates.

What are the advantages for adopting an SSL Certificates and why is it important to discover and analyze SSL Certificates online? Secure Socket Layer (SSL) has gained weight with the increasing concern of security for all sensitive data online. In fact, it is the only reliable source for secure business and data handling. The entire […]

Pierluigi Paganini January 23, 2018
Three Sonic apps in the Google Play are leaking data to uncertified servers

According to a researcher from security firm Predeo, three Sonic apps in the Google Play published by SEGA leak users’ data to uncertified servers. According to a researcher from security firm Predeo, some game applications in the Google Play published by SEGA leak users’ data to uncertified servers. The Android apps are Sonic Dash,  Sonic the Hedgehog™ Classic, and Sonic […]

Pierluigi Paganini December 15, 2017
The cybersecurity firm Fox-IT disclosed a security breach that affected its infrastructure

For Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies currently owned by the UK giant NCC Group, disclosed a security breach that affected its infrastructure. According to the firm, on September 19 an unknown attacker carried […]

Pierluigi Paganini February 16, 2017
The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0

On Thursday the OpenSSL Project has fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severity flaws in the library. The […]

Pierluigi Paganini October 21, 2015
Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure. Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, […]

Pierluigi Paganini September 09, 2015
Many HTTPs sites at risk of revealing their private keys because of a critical bug

A number of recent discoveries suggest as more HTTPs websites, chat applicationss, and other services online are actualizing perfect forward secrecy. As per a Red Hat (a Linux distributor) security specialist, system equipment sold by few makers neglected to appropriately execute a broadly utilized cryptographic standard, an information releasing weakness that can permit spammers to […]

Pierluigi Paganini May 08, 2015
PCI DSS 3.1 and SSLv3: It’s best time to remove the 20 year old SSL protocol

To address the risk PCI DSS 3.1 updates requirements 2.2.3, 2.3 and 4.1 to remove SSL and early TLS as examples of strong cryptography.  “The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol as no longer being acceptable for protection of data due to inherent weaknesses within the […]

Pierluigi Paganini March 28, 2015
A critical MiTM flaw in AFNetworking iOS, OS X framework was fixed

Security experts at Minded Security firm have recently discovered a flaw in the popular networking library for iOS and OS X AFNetworking. The researchers Simone Bovi and Mauro Gentile at the security firm Minded Security discovered a flaw in the popular networking library for iOS and OS X AFNetworking. The researchers found the flaw while were […]