Pierluigi Paganini
January 23, 2017
More than two years after the disclosure of the HeartBleed bug, 200,000 services are still affected. Systems susceptible to Heartbleed attacks are still too many, despite the flaw was discovered in 2014 nearly 200,000 systems are still affected. Shodan made a similar search in November 2015 when he found 238,000 results, the number dropped to 237,539 […]
Pierluigi Paganini
July 07, 2016
Researchers devised a method to unmask malware’s use of TLS without decrypting the data flow. The technique relies on analysis of observable data features. A team of security experts from Cisco demonstrated that it is possible to detect a malware in TLS connections without decrypting the traffic and block it. The researchers Blake Anderson, Subharthi Paul […]
Pierluigi Paganini
May 31, 2016
According to the security firm High-Tech Bridge many of the Alexa Top 10,000 websites are still vulnerable to the OpenSSL flaw CVE-2016-2107. The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging on the ‘Padding Oracle Attack’ that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. According […]
Pierluigi Paganini
May 26, 2016
Dozens of HTTPS-protected websites belonging to Visa are vulnerable to Forbidden Attack, nearly 70,000 servers are at risk. A new attack technique dubbed ‘Forbidden attack’ expose dozens of HTTPS Visa sites vulnerable to cyber attacks and roughly another 70,000 servers are at risk. A group of international researchers (Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, […]
Pierluigi Paganini
May 05, 2016
OpenSSL has the patches for six flaws including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. OpenSSL just released several patches to fix vulnerabilities in the open-source cryptographic library, including a couple of high-severity flaws (CVE-2016-2107, CVE-2016-2108) that could be exploited to decrypt HTTPS Traffic. The CVE-2016-2107 could […]
Pierluigi Paganini
January 30, 2016
Developers of OpenSSL issued a patch that fixes a high-severity vulnerability that allows attackers to decrypt secure traffic. The development team at the OpenSSL has issued a security patch to fix a flaw, coded as CVE-2016-0701, that could be exploited by hackers to decrypt secure traffic. The flaw was reported on January 12 by Antonio Sanso […]
Pierluigi Paganini
May 08, 2015
To address the risk PCI DSS 3.1 updates requirements 2.2.3, 2.3 and 4.1 to remove SSL and early TLS as examples of strong cryptography. “The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol as no longer being acceptable for protection of data due to inherent weaknesses within the […]
Pierluigi Paganini
March 27, 2015
Bar Mitzvah is the name of a new attack on RC4-Based SSL/TLS encryption that allows disclosure of sensitive data by exploiting a 13-Year-Old Vulnerability. Both Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) cryptographic protocols rely on the Rivest Cipher 4 (RC4) algorithm to encrypt data transfers. The problem is that the […]
Pierluigi Paganini
March 21, 2015
Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL […]
Pierluigi Paganini
December 10, 2014
Researchers at Qualys revealed that POODLE is likely to hit some of the most popular websites because the flaw also affects implementations of newer TLS. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a critical vulnerability affecting SSL that was discovered in October 2014. The researchers at Google that discovered it, explained that the POODLE flaw is related […]
Data Breach / November 21, 2024
