SSL Certificates

Pierluigi Paganini March 28, 2015
A critical MiTM flaw in AFNetworking iOS, OS X framework was fixed

Security experts at Minded Security firm have recently discovered a flaw in the popular networking library for iOS and OS X AFNetworking. The researchers Simone Bovi and Mauro Gentile at the security firm Minded Security discovered a flaw in the popular networking library for iOS and OS X AFNetworking. The researchers found the flaw while were […]

Pierluigi Paganini September 29, 2014
SHA-1 has been deprecated, what can I do?

The SHA-1 cryptographic hash algorithm has been known vulnerable, Collision attacks against it are too affordable and attacks will get cheaper soon. Many websites today are using digital certificates signed using algorithms based on the hash algorithm called SHA-1. Hashing algorithms are used to ensure the integrity of the certificate in the signing processes, a flawed […]

Pierluigi Paganini May 13, 2014
Who and how is using forged SSL certificates worldwide?

Who is abusing of forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new detection technique to detect the abuses. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a detection technique for man-in-the-middle attacks over SSL on a large-scale. They analyzed the data extracting useful information, including the […]

Pierluigi Paganini February 14, 2014
Cybercriminals target mobile applications with fake SSL Certificates

Cybercriminals targeting mobile applications with fake SSL Certificates to run man-in-the-middle attacks against the affected companies and their customers. There is the wrong conviction that SSL certification user can protect users from be tricked to visit a fake website. Netcraft has uncovered numerous attacks based on fake SSL certificates used to impersonate online banking websites, ecommerce , ISPs and […]