Pierluigi Paganini
October 11, 2021
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]
Pierluigi Paganini
November 18, 2019
Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. Venafi, Inc. is a private cybersecurity company that develops software to secure and protect cryptographic keys and digital certificates. Ahead of the holiday shopping season, security experts from Venafi conducted a study of typosquatted domains […]
Pierluigi Paganini
July 02, 2019
Firefox finally addressed the issues with antivirus apps crashing HTTPS websites starting with the release of Firefox 68. Mozilla announced that it will resolve the issues that caused antivirus apps crashing HTTPs websites with the release of Firefox 68 version. The problems began after the release of Firefox 65 in December 2018, since then experts […]
Pierluigi Paganini
June 19, 2018
The Internet-Draft document if approved formally deprecates Transport Layer Security versions 1.0 (TLS 1.0) [RFC2246] and 1.1 (TLS 1.1) [RFC4346]. In March, the Internet Engineering Task Force (IETF) finally announced the approval of TLS 1.3, the new version of the Transport Layer Security traffic encryption protocol. It was a long journey, the IETF has been analyzing proposals for TLS 1.3 since April 2014, the […]
Pierluigi Paganini
March 26, 2018
The Internet Engineering Task Force (IETF) has finally announced the approval of TLS 1.3, the new version of the Transport Layer Security traffic encryption protocol. It was a long journey, the IETF has been analyzing proposals for TLS 1.3 since April 2014, the final release is the result of the work on 28 drafts. The TLS protocol […]
Pierluigi Paganini
February 16, 2018
OpenSSL adds TLS 1.3 (Transport Layer Security) supports in the alpha version of OpenSSL 1.1.1 that was announced this week. OpenSSL adds TLS 1.3 supports in the alpha version of OpenSSL 1.1.1 that was announced this week. TLS protocol was designed to allow client/server applications to communicate over the Internet in a secure way preventing message forgery, eavesdropping, […]
Pierluigi Paganini
February 06, 2018
Researcher at Fidelis Cybersecurity devised a new technique that abuses X.509 Digital Certificates to establish a covert data exchange channel Last year, during the Bsides conference in July 2017, the security researcher at Fidelis Cybersecurity Jason Reaves demonstrated how to covertly exchange data using X.509 digital certificates, now the same expert published the proof-of-concept code. The X.509 is […]
Pierluigi Paganini
December 13, 2017
ROBOT ATTACK – Security experts have discovered a 19-year-old flaw in the TLS network security protocol that affects many software worldwide. The security researchers Hanno Böck and Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit, and Craig Young of Tripwire VERT, have discovered a 19-year-old vulnerability in the TLS network security protocol in the software several tech giants […]
Pierluigi Paganini
May 30, 2017
The security researcher Stefan Winter has discovered a TLS resumption authentication bypass in FreeRADIUS, the world’s most popular RADIUS Server. The security researcher Stefan Winter from the Luxembourg’s high-speed academic network RESTENA has discovered a FreeRADIUS TLS resumption authentication bypass. FreeRADIUS is the world’s most popular RADIUS Server, “it is the basis for multiple commercial offerings. It supplies the […]
Pierluigi Paganini
February 16, 2017
On Thursday the OpenSSL Project has fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severity flaws in the library. The […]
Data Breach / November 21, 2024
