HackDig : Dig high-quality web security articles for hacker

OpenSSL Patches Critical Certificate Validation Vulnerability

Organizations that installed the June 11 OpenSSL update need to pull it back immediately after a serious certificate validation error was discovered and patched today in a new update.The bug was reported two weeks ago to the OpenSSL project by Google researcher Adam Langley and BoringSSL’s David Benjamin, and affects only OpenSSL 1.0.1 and 1.0.2. &#
Publish At:2015-07-09 13:40 | Read:1183 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security CA cryptography En

OpenSSL Issues Fix for High-Severity Alternative Chains Certificate Forgery (CVE-2015-1793)

OpenSSL has released an advisory urging users to update their systems in the wake of a high-severity alternative chains certificate forgery bug.“During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails,” the advisory re
Publish At:2015-07-09 12:30 | Read:1106 | Comments:0 | Tags:Latest Security News Bug CA OpenSSL vulnerability

OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack

The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software.Most of the vulnerabilities fixed in the new releases are denial-of-service bugs, but one of them can potentially cause memory corruption. That vulnerability only affected older ve
Publish At:2015-06-11 17:00 | Read:2755 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security Encryption Logjam

Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787

On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect again
Publish At:2015-04-16 14:30 | Read:2057 | Comments:0 | Tags:Vulnerabilities CVE-2015-1787 denial of service attacks Open

OpenSSL Mystery Patch is No Heartbleed

Hold the logo and the dedicated website; the anticipated high-severity OpenSSL vulnerability is serious, but it’s no Heartbleed or POODLE.As it turns out, the bug is a denial-of-service condition that affects only version 1.0.2 of the ubiquitous crypto library. A dozen other vulnerabilities (nine ranked moderate, and three low) in older versions were a
Publish At:2015-03-20 01:00 | Read:1506 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security client crash denia

OpenSSL warns of two high-severity bugs, but no Heartbleed

Security mavens bracing for Thursday's scheduled disclosure of a high-severity vulnerability in the widely used OpenSSL crypto library need wait no longer. It's a bug that allows end users to crash servers running one version of the software by sending data that's relatively easy to duplicate."If a client connects to an OpenSSL 1.0.2 server and renegotia
Publish At:2015-03-19 21:45 | Read:1401 | Comments:0 | Tags:Risk Assessment Technology Lab exploits openssl secure socke

#HackerKast 27: SXSW, Copy Magic Paste, Tinder AI, GTA V, Mystery SSL Fix

Hey everybody! Quick recap this week as we are gearing up for the Top 10 Web Hacks Webinar (Which you can register to watch here) Robert and I just got back from SXSW this weekend and that was a very interesting experience. My first big trade show floor that wasn’t security related. Tons of interesting stuff floating around Austin this week! First sto
Publish At:2015-03-19 03:35 | Read:4359 | Comments:0 | Tags:Technical Insight Vulnerabilities WhiteHat HackerKast Copy M

Android exfiltration, OpenSSL, and iOS app memory handling

Android exfiltration, OpenSSL, and iOS app memory handling I’ll try not to rant on yet again Google’s squirming on security issues – especially in the context of malware – but it’s not been an altogether happy few weeks in Android security. According to Fo
Publish At:2015-03-19 01:15 | Read:1608 | Comments:0 | Tags:David Harley Android FREAK iOS OpenSSL IOS

OpenSSL to Patch High Severity Vulnerability this Week

The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity.In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.
Publish At:2015-03-18 18:05 | Read:1935 | Comments:0 | Tags:Freak SSL Vulnerability hacking news Linux update OpenSSL Op

Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks

In the shadow of a major OpenSSL vulnerability scheduled to be announced tomorrow, lingering issues remain with mobile platforms and applications that still run versions of the crypto library vulnerable to FREAK attacks.A report published Tuesday by FireEye paints a bleak picture of vulnerable versions of iOS and Android applications that have been downloade
Publish At:2015-03-18 17:00 | Read:1089 | Comments:0 | Tags:Apple Hacks Mobile Security Vulnerabilities 512-bit RSA keys

OpenSSL to Fix ‘High’ Severity Security Flaw

 The OpenSSL Project, a collaborative effort designed to develop an open source toolkit that implements SSL and TLS, has announced that it will be fixing a number of security flaws on Thursday, one of which it has labeled “high” severity.The initiative made the announcement in a message circulated yesterday.“The OpenSSL project team would like to announ
Publish At:2015-03-17 23:50 | Read:1105 | Comments:0 | Tags:Latest Security News OpenSSL toolkit vulnerability

OpenSSL announced fix for mystery high critical vulnerability

New versions of OpenSSL will be released on Thursday to patch critical security vulnerabilities, one of which is considered very dangerous. The OpenSSL Project Team announced in an advisory published on Monday that new versions of OpenSSL will be released on Thursday to patch several security vulnerabilities. The disconcerting
Publish At:2015-03-17 09:40 | Read:1362 | Comments:0 | Tags:Breaking News Security encryption FREAK Heartbleed OpenSSL s

OpenSSL Security Audit Ready to Start

Funding from the Core Infrastructure Initiative has helped the maintainers of OpenSSL, one of the Internet’s most-deployed pieces of open source software, begin to get the crypto implementation on its feet.Despite its ubiquity, OpenSSL has historically been under-funded and under-resourced, though no one outside those close to the project knew how dire
Publish At:2015-03-10 16:50 | Read:1063 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security Backdoors Core Inf

CVE-2015-0204 Freak Attack

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web server, force the user and server to downgrade to a set of export ciphers which are weak and outdated. They could then brute force the key and thus decrypt the HTTP
Publish At:2015-03-05 19:20 | Read:2786 | Comments:0 | Tags:Vulnerabilities Web Application Security man-in-the-middle O

FREAK Vulnerability Forces Weaker Encryption

Security researchers and news outlets are reporting about a newly discovered vulnerability believed to exist since the 90s. This vulnerability, dubbed as FREAK (Factoring RSA Export Keys), forces a secure connection to use weaker encryption—making it easy for cybercriminals to decrypt sensitive information. Vulnerable since the 1990s The flaw came about in t
Publish At:2015-03-04 21:20 | Read:963 | Comments:0 | Tags:Vulnerabilities android Apple CVE-2015-0204 FREAK OpenSSL Vu

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud