HackDig : Dig high-quality web security articles for hackers

“Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering

Dozens of HTTPS-protected websites belonging to financial services giant Visa are vulnerable to attacks that allow hackers to inject malicious code and forged content into the browsers of visitors, an international team of researchers has found. In all, 184 servers—some belonging to German stock exchange Deutsche Börse and Polish banking association Związek Ba
Publish At:2016-05-26 21:40 | Read:2634 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab authentication

Cryptographic Algorithms Lab

For this lab we’ll be using GPG and OpenSSL to demonstrate symmetric and asymmetric encryption/decryption, and MD5 and SHA1 to demonstrate hash functions. Virtual Machine Needed: Kali. Before starting the lab, here are some definitions: In all symmetric crypto algorithms (also called Secret Key encryption) a secret key is used both to encrypt plaintext and
Publish At:2016-04-22 00:35 | Read:2383 | Comments:0 | Tags:Cryptography

Experts crack nasty ransomware that took crypto-extortion to new heights

A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom. When it came to light two weeks ago, Petya was notable because it targeted a victim's entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting
Publish At:2016-04-12 08:50 | Read:2764 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cryptography p

Security vs. encryption – time for some myth busting

“In war, truth is the first casualty.” (Aeschylus) We are at war again. FBI vs. Apple is all over the headlines, and this seems to be one of the most important battles in Crypto War II (CWII). For the record, the first Crypto War raged at the end of the last millennium. US authorities wanted, among other things, to put chips with a backdoor in phones. ISIS and
Publish At:2016-03-24 06:41 | Read:2918 | Comments:0 | Tags:Privacy Security Apple crypto crypto war crypto wars cryptog

New attack steals secret crypto keys from Android and iOS phones

Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets. The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely us
Publish At:2016-03-04 00:35 | Read:3409 | Comments:0 | Tags:Gear & Gadgets Infinite Loop Risk Assessment Technology Lab

More than 11 million HTTPS websites imperiled by new decryption attack

More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web
Publish At:2016-03-01 18:20 | Read:4970 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption explo

On-chip random key generation done using carbon nanotubes

Carbon nanotubes are small and can be semiconducting, which makes lots of people excited about using them as a replacement for features etched in silicon. But there are two big problems: the reactions that produce them create a random mix of metallic and semiconducting nanotubes, and it's really difficult to get them to go precisely where you need them to in
Publish At:2016-02-23 05:30 | Read:2386 | Comments:0 | Tags:Risk Assessment Scientific Method carbon nanotubes cryptogra

Hopelessly broken wireless burglar alarm lets intruders go undetected

A security system used in more than 200,000 homes has an unfixable flaw that allows tech-savvy burglars to disarm the alarm from as far away as a few hundred feet. The wireless home security system from SimpliSafe is marketed as costing less than competing ones and being easier to install, since it doesn't use wires for one component to communicate with anoth
Publish At:2016-02-19 11:05 | Read:3530 | Comments:0 | Tags:Risk Assessment Technology Lab burglar alarms cryptography I

New report contends mandatory crypto backdoors would be futile

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security. The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Sarany
Publish At:2016-02-11 22:10 | Read:1983 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab backdoors cryp

Crypto flaw was so glaring it may be intentional eavesdropping backdoor

An open source network utility used by administrators and security professionals contains a cryptographic weakness so severe that it may have been intentionally created to give attackers a surreptitious way to eavesdrop on protected communications, its developer warned Monday. Socat is a more feature-rich variant of the once widely used Netcat networking serv
Publish At:2016-02-02 21:10 | Read:3415 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met. First,
Publish At:2016-01-29 08:40 | Read:2886 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption secur

Where is my (intermediate) TLS certificate?

When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made. A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but us
Publish At:2016-01-27 21:35 | Read:2050 | Comments:0 | Tags:Security certificates cryptography TLS

Primes, parameters and moduli

First, a brief history of Diffie-Hellman for those not familiar with it. The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an eavesdropper (Eve) listening in. So Alice and Bob first share a public prime number and modulus (which Eve can see). Alice
Publish At:2016-01-20 20:45 | Read:2220 | Comments:0 | Tags:Cryptography

The SLOTH attack and IKE/IPsec

Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack, but the attack is still interesting to look at. The SLOTH attack released today is a new transcript collision attack against some security protocols that use weak or broken hashes such as MD5 or SHA1. While it mostly focuses on the issues fou
Publish At:2016-01-14 02:00 | Read:3344 | Comments:0 | Tags:Confidentiality Cryptography Integrity Red Hat Enterprise Li

Juniper drops NSA-developed code following new backdoor revelations

Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.
Publish At:2016-01-10 12:35 | Read:2532 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab backdoors cryp
