HackDig : Dig high-quality web security articles for hacker

Crypto flaw made it easy for attackers to snoop on Juniper customers

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks. In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos
Publish At:2016-07-15 09:45 | Read:5080 | Comments:0 | Tags:Risk Assessment Technology Lab backdoors cryptography encryp

HTTPS crypto’s days are numbered. Here’s how Google wants to save it

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe. In the coming months, Goog
Publish At:2016-07-09 07:25 | Read:4653 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption HTTPS

Cryptanalysis Tools

Some terms and definitions:
Alice – Sender of the message
Bob – Receiver
Eve – Eavesdropper or unintended party
Plaintext – Message to be sent
Ciphertext – Coded message
Encryption – Coding of message
Decryption – Decoding the message
Cryptology – Science of study of ciphers
Cryptography – Science (or art) of encrypted communication between Alice and Bob, such t
Publish At:2016-06-02 20:20 | Read:4236 | Comments:0 | Tags:Cryptography

“Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering

Dozens of HTTPS-protected websites belonging to financial services giant Visa are vulnerable to attacks that allow hackers to inject malicious code and forged content into the browsers of visitors, an international team of researchers has found. In all, 184 servers—some belonging to German stock exchange Deutsche Börse and Polish banking association Związek Ba
Publish At:2016-05-26 21:40 | Read:2882 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab authentication

Cryptographic Algorithms Lab

For this lab we’ll be using GPG and OpenSSL to demonstrate symmetric and asymmetric encryption/decryption, and MD5 and SHA1 to demonstrate hash functions. Virtual Machine Needed: Kali. Before starting the lab, here are some definitions: In all symmetric crypto algorithms (also called Secret Key encryption) a secret key is used to both encrypt plaintext and
Publish At:2016-04-22 00:35 | Read:2640 | Comments:0 | Tags:Cryptography

Experts crack nasty ransomware that took crypto-extortion to new heights

A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom. When it came to light two weeks ago, Petya was notable because it targeted a victim's entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting
Publish At:2016-04-12 08:50 | Read:3007 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cryptography p

Security vs. encryption – time for some myth busting

“In war, truth is the first casualty.” – Aeschylus
We are at war again. FBI vs. Apple is all over the headlines and this seems to be one of the most important battles in Crypto War II (CWII). For the record, the first Crypto War raged at the end of the last millennium. US authorities wanted, among other things, to put chips with a backdoor in phones. ISIS and
Publish At:2016-03-24 06:41 | Read:3139 | Comments:0 | Tags:Privacy Security Apple crypto crypto war crypto wars cryptog

New attack steals secret crypto keys from Android and iOS phones

Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets. The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely us
Publish At:2016-03-04 00:35 | Read:3645 | Comments:0 | Tags:Gear & Gadgets Infinite Loop Risk Assessment Technology Lab

More than 11 million HTTPS websites imperiled by new decryption attack

More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web
Publish At:2016-03-01 18:20 | Read:5288 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption explo

On-chip random key generation done using carbon nanotubes

Carbon nanotubes are small and can be semiconducting, which makes lots of people excited about using them as a replacement for features etched in silicon. But there are two big problems: the reactions that produce them create a random mix of metallic and semiconducting nanotubes, and it's really difficult to get them to go precisely where you need them to in
Publish At:2016-02-23 05:30 | Read:2795 | Comments:0 | Tags:Risk Assessment Scientific Method carbon nanotubes cryptogra

Hopelessly broken wireless burglar alarm lets intruders go undetected

A security system used in more than 200,000 homes has an unfixable flaw that allows tech-savvy burglars to disarm the alarm from as far away as a few hundred feet. The wireless home security system from SimpliSafe is marketed as costing less than competing ones and being easier to install, since it doesn't use wires for one component to communicate with anoth
Publish At:2016-02-19 11:05 | Read:3794 | Comments:0 | Tags:Risk Assessment Technology Lab burglar alarms cryptography I

New report contends mandatory crypto backdoors would be futile

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security. The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Sarany
Publish At:2016-02-11 22:10 | Read:2219 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab backdoors cryp

Crypto flaw was so glaring it may be intentional eavesdropping backdoor

An open source network utility used by administrators and security professionals contains a cryptographic weakness so severe that it may have been intentionally created to give attackers a surreptitious way to eavesdrop on protected communications, its developer warned Monday. Socat is a more feature-rich variant of the once widely used Netcat networking serv
Publish At:2016-02-02 21:10 | Read:3654 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met. First,
Publish At:2016-01-29 08:40 | Read:3113 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption secur

Where is my (intermediate) TLS certificate?

When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will act. Let’s quickly check some of the steps that happen when a TLS connection is made. A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but us
Publish At:2016-01-27 21:35 | Read:2312 | Comments:0 | Tags:Security certificates cryptography TLS

