HackDig : Dig high-quality web security articles for hacker

SHAttered attack, Google and CWI conducted the first SHA-1 collision attack

Experts at Google and CWI conducted the first real-world collision attack against the popular SHA-1 hashing algorithm, the so-called SHAttered attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real-world collision attack against the popular SHA-1 hashing algorithm. The researchers created two
Publish At:2017-02-24 10:20 | Read:885 | Comments:0 | Tags:Breaking News Hacking Collision Attack digest digital certif

Already on probation, Symantec issues more illegit HTTPS certificates

A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Publish At:2017-01-21 11:20 | Read:1165 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities PKI P

Kaspersky fixing a serious problem with inspection digital certificates

Google hacker Tavis Ormandy discovered a serious flaw that affects the Kaspersky antivirus software and the way it manages inspection digital certificates. Experts from Kaspersky are solving a problem that disabled certificate validation for 400 million users. The problem was spotted by the notorious Google hacker Tavis Ormandy, the vulnerability affects the
Publish At:2017-01-04 10:40 | Read:849 | Comments:0 | Tags:Breaking News Digital ID Hacking digital certificates Kasper

Mozilla plans to ban the Chinese CA WoSign due to trust violations

Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA-1 certificates in order to subvert deprecating certs from being trusted. According to a
Publish At:2016-09-30 12:00 | Read:828 | Comments:0 | Tags:Breaking News Digital ID Security Certification Authority di

Let’s Encrypt has already issued one Million certificates

The Electronic Frontier Foundation announced that the Let’s Encrypt Certificate Authority issued its millionth certificate. The open Certificate Authority (CA) Let’s Encrypt seems to be a success, the EFF is reaching its goals with the creation of this new certificate authority run by Internet Security Research Group (ISRG). IT giants like Mozilla, Cis
Publish At:2016-03-09 11:05 | Read:1168 | Comments:0 | Tags:Breaking News Digital ID Security digital certificates EFF L

xboxlive digital certificate exposed opens users to MITM attacks

Microsoft has issued an advisory to notify customers that the private keys for an SSL/TLS digital certificate for *.xboxlive.com have been disclosed. According to a security advisory published by Microsoft, the company is propagating a new certificate for the *.xboxlive.com domain because it has “inadvertently disclosed” the ce
Publish At:2015-12-10 01:00 | Read:812 | Comments:0 | Tags:Digital ID Security Breaking News Hacking PKI Digital Certif

The US DoD still uses SHA-1 signed certificates for use by military agencies

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, even though they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentiv
Publish At:2015-10-28 22:20 | Read:1022 | Comments:0 | Tags:Breaking News Digital ID Hacking Security digital certificat

Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates: the news is shocking and refers to the adoption of SHA-1 certificates, even though the algorithm is no longer considered secure. Many big busi
Publish At:2015-10-22 04:20 | Read:783 | Comments:0 | Tags:Breaking News Digital ID Hacking Reports Security digital ce

Cost of Breaking SHA-1 decreases due to a new Collision Attack

A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. SHA-1 is still one of the most used cryptographic hash algorithms, but there is bad news for its supporters: a new collision attack lowers the cost of breaking it. The news is worrying, the cost and time necessa
Publish At:2015-10-10 15:10 | Read:999 | Comments:0 | Tags:Breaking News Hacking Security digest digital certificates e

Code Signing certificates becoming popular cybercrime commodity

Learn what Certificates as a Service stand for, discover why Code Signing certificates are a precious commodity and find out how to protect yourself online. A recent phenomenon tracked by IBM Security X-Force researchers is the CaaS (Certificates as a service). Cybercriminals would use the Dark Web for selling high-grade code
Publish At:2015-10-09 21:10 | Read:818 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Certificates as a

D-Link firmware accidentally includes Code Signing Keys

The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware updates. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidentally published its private code signing keys inside its open sou
Publish At:2015-09-19 20:20 | Read:1059 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Code Signing keys D-Link D

Will Quantum Computers Threaten Modern Cryptography?

Modern cryptography, including elliptic curve cryptography, is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today’s cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum computin
Publish At:2015-09-15 08:55 | Read:1508 | Comments:0 | Tags:Cryptography Featured Articles Ashig JA cryptography PKI qua

OpenSSL fixes Alternative chains certificate forgery flaw

OpenSSL Foundation fixed a critical issue that impacts any application that uses the popular crypto library in the authentication processes. OpenSSL Foundation has issued a security update as announced weeks ago. The patch just released fixes a mysterious security flaw affecting the OpenSSL code library, in the last weeks, t
Publish At:2015-07-11 00:40 | Read:870 | Comments:0 | Tags:Breaking News Digital ID Security CVE-2015-1793 digital cert

Google Internet Authority G2 has become untrusted due to an expired certificate

Gmail and Google Apps have noticed on Saturday that the Google Internet Authority G2 has become untrusted due to an expired digital certificate. On Saturday April 4, the Google Internet Certificate Authority G2 has become untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is
Publish At:2015-04-05 18:20 | Read:1158 | Comments:0 | Tags:Breaking News Digital ID Security Digital Certificate Google

Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL Labs u
Publish At:2015-03-22 01:40 | Read:1001 | Comments:0 | Tags:Breaking News Security Digital Certificate PKI Qualys SSL SS
