HackDig : Dig high-quality web security articles for hacker

The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS

UPDATE 2/24/17, 4:30 PM PST: Researcher Hanno Böck (@hanno) has confirmed that leaked CloudFlare data was not entirely purged from multiple search engine caches ahead of the public disclosure. In April 2014, the security community was shocked with the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose privat
Publish At:2017-02-25 03:05 | Read:3695 | Comments:0 | Tags:IT Security and Data Protection Cloudbleed Cloudflare Google

Ticketbleed flaw in F5 Networks BIG-IP appliances exposed to remote attacks

F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’ that exposes it to remote attacks. The F5 Networks BIG-IP appliances are affected by a serious flaw, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that can be exploited by a remote attacker to extract the conten
Publish At:2017-02-09 19:50 | Read:2157 | Comments:0 | Tags:Breaking News Hacking F5 Networks BIG-IP Heartbleed Ticketbl

Roughly 200,000 Devices still affected by the Heartbleed vulnerability

More than two years after the disclosure of the HeartBleed bug, 200,000 services are still affected. Systems susceptible to Heartbleed attacks are still too many; although the flaw was discovered in 2014, nearly 200,000 systems are still affected. Shodan made a similar search in November 2015 when he found 238,000 results, the number dropped to 237,539 resul
Publish At:2017-01-23 22:35 | Read:2609 | Comments:0 | Tags:Breaking News Hacking Reports Security CVE-2014-0160 encrypt

Heartbleed Still a Heartache 1,000 Days In

A recent report released by Shodan found that as of January 22, 2017, nearly 200,000 publicly accessible internet devices were vulnerable to Heartbleed. The detailed report gives some insight into those who continue to be exposed to this vulnerability. It’s no surprise that the majority of these systems are HTTPS pages hosted by Apache and running on Li
Publish At:2017-01-23 20:40 | Read:2396 | Comments:0 | Tags:Latest Security News Heartbleed security SHODAN

Flawed MatrixSSL Code Highlights Need for Better IoT Update Practices

SSL is a primary layer of defense on the Internet that makes it possible to have authenticated private conversations even over an untrusted network. Implementing a robust and secure SSL stack, however, is not trivial. Mistakes can lead to large attack surfaces, such as what we witnessed with OpenSSL when “Heartbleed” was discovered. In the wake of “Heartbleed
Publish At:2016-10-11 01:55 | Read:4524 | Comments:0 | Tags:Cyber Security Featured Articles Heartbleed Internet of Thin

Hackers Can’t Break This Style of Coding, Confirm Researchers

On April 7, 2014, the world first learned about the Heartbleed vulnerability. A small flaw in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520), Heartbleed enables an attacker to unravel the encryption measures in systems protected by vulnerable OpenSSL software, which some at the time estimated
Publish At:2016-09-26 14:50 | Read:1902 | Comments:0 | Tags:Cyber Security Featured Articles coding formal verification

The Detox Ransome hacker stole Democratic National Committee DB in 2015

The notorious hacker Detox Ransome was searching for Heartbleed-vulnerable servers when he found and stole a Democratic National Committee DB in 2015. According to The Epoch Times, the notorious hacker Detox Ransome stole Democrat Databases in 2015. In September 2015, the hacker breached a service linked to the operations of the Democratic National Committee ac
Publish At:2016-07-30 01:15 | Read:3070 | Comments:0 | Tags:Breaking News Hacking Intelligence Democratic National Commi

Bug that can leak crypto keys just fixed in widely used OpenSSH

A critical bug that can leak secret cryptographic keys has just been fixed in OpenSSH, one of the more widely used implementations of the secure shell (SSH) protocol. The vulnerability resides only in the version end users use to connect to servers and not in versions used by servers. A maliciously configured server could exploit it to obtain the content
Publish At:2016-01-15 01:05 | Read:2468 | Comments:0 | Tags:Risk Assessment Technology Lab heartbleed openssh secure she

Advantech ICS Gear Still Vulnerable to Shellshock, Heartbleed

Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks. Most recently, independent security researcher Neil Smith found hard-coded SSH keys in the Advantech EKI series of devices, while a year a
Publish At:2015-12-03 05:35 | Read:1927 | Comments:0 | Tags:Critical Infrastructure Vulnerabilities Web Security Advante

Understanding the Value in Pesky PCI

Many merchants will tell you that PCI compliance is time-consuming and a drain on resources that should be focused on attracting more business – there is even a well-established market of PCI consultants and businesses to hire. The general sentiment is how to quickly and easily check the box. Monitoring and logging activity to create custom reports for the au
Publish At:2015-10-24 08:30 | Read:1915 | Comments:0 | Tags:Featured Articles PCI compliance David Bell Heartbleed Mario

Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know. The most popular 2FA method currently in use is the token code, which generates an authentication code at fixed intervals. Generally, the user will enter in their username, and their password will be a secret PIN
Publish At:2015-10-20 14:30 | Read:2369 | Comments:0 | Tags:Featured Articles Vulnerability Management 2FA Heartbleed pa

Secure Computation and The Right to Privacy

In December 1890, Samuel Warren and Louis Brandeis, concerned about privacy implications of the new “instantaneous camera,” penned The Right to Privacy, where they argue for protecting “all persons, whatsoever their position or station, from having matters which they may properly prefer to keep private, made public against their will.” 125 years later, our pr
Publish At:2015-10-09 01:20 | Read:2372 | Comments:0 | Tags:IT Security and Data Protection breach encryption Heartbleed

Got PCI 3.1?

Why the Rapid Request for PCI 3.1? Announced April 15, 2015 with a high sense of urgency, PCI 3.1 is an unusual update occurring outside the typical three-year lifecycle for PCI DSS. But is it really that unusual for the data security world? The threat landscape is highly dynamic and requires continuous updates & monitoring, so why not PCI? PCI 3.1 is a d
Publish At:2015-10-02 07:20 | Read:3016 | Comments:0 | Tags:Featured Articles PCI EMV Heartbleed POODLE SSL TLS

Authentication: The Enterprise’s Weakest Link

Authentication is a weak link in any enterprise security solution, primarily because it relies heavily on how people use it. It’s also one of the most important factors, and any flaws can lead to significant issues and costly cyberattacks. As just one example, earlier this year the IBM-discovered Dyre Wolf campaign stole over $1 million from targeted e
Publish At:2015-09-24 22:25 | Read:2457 | Comments:0 | Tags:Fraud Protection Identity & Access Authentication Biometric

Heartbleed continues to put devices at risk

Over a year has now passed since we were first alerted to a flaw in the OpenSSL cryptography library, widely used in the implementation of Transport Layer Security (TLS) protocol. The bug, CVE-2014-0160, was quickly dubbed “Heartbleed” (http://heartbleed.com/) after a missing bounds check in the TLS heartbeat extension. Despite the passing of time and the hig
Publish At:2015-09-17 22:20 | Read:2363 | Comments:0 | Tags:Thought Leadership Heartbleed

