HackDig : Dig high-quality web security articles for hackers

The mystery of the expiring Sectigo web certificate

by Paul Ducklin

There’s a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority. Expired certificates are a problem because they cause the web server that relies on them to show up as “invalid” to any program
Publish At:2020-06-02 14:55 | Read:239 | Comments:0 | Tags:Cryptography chain of trust openssl Sectigo SSL TLS

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:1388 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:6664 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

How to Protect Your E-commerce Business from Cyber Attacks

Just as traditional brick-and-mortar businesses are targeted by anarchists during protests or times of unrest, e-commerce businesses are targeted by cyber criminals, except they don’t wait for a particular season or reason. Whether small, medium or large, every business is, sadly, at the mercy of hackers who will exploit every opportunity they get to breach sen
Publish At:2017-03-23 16:10 | Read:5961 | Comments:11 | Tags:Cyber Security Featured Articles cyber attack E-commerce SSL

The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0

On Thursday the OpenSSL Project has fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severit
Publish At:2017-02-16 18:05 | Read:3355 | Comments:0 | Tags:Breaking News Hacking Security CVE-2017-3733 OpenSSL SSL TLS

Waze | Another way to track your moves

Millions of drivers use Waze, a Google-owned navigation app, to find the best, fastest route from point A to point B. And according to a new study, all of those people run the risk of having their movements tracked by hackers. Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thou
Publish At:2016-11-20 03:20 | Read:5807 | Comments:0 | Tags:Application Security Cyber Security Mobile Security Security

Flawed MatrixSSL Code Highlights Need for Better IoT Update Practices

SSL is a primary layer of defense on the Internet that makes it possible to have authenticated private conversations even over an untrusted network. Implementing a robust and secure SSL stack, however, is not trivial. Mistakes can lead to large attack surfaces, such as what we witnessed with OpenSSL when “Heartbleed” was discovered. In the wake of “Heartbleed
Publish At:2016-10-11 01:55 | Read:7418 | Comments:0 | Tags:Cyber Security Featured Articles Heartbleed Internet of Thin

Summer Security Interns: Tripwire’s Perspective

In 2015, Tripwire partnered with FIRST Robotics to bring on summer interns from local high schools. Our goal was to teach the students about various aspects of information security on both the offensive and defensive side. The goals I set out for our interns in 2015 were a bit lofty, to say the least. I had planned on teaching them about the various tools in
Publish At:2016-09-20 12:40 | Read:5050 | Comments:0 | Tags:Off Topic FIRST Robotics robot Security Controls SSL Verizon

My Summer 2016 Internship at Tripwire

My name is David. Now that you know my name, you should know technology is my passion. I’ve participated in the FIRST Robotics Competition, and I’m deeply knowledgeable about computer programming languages and software. But throughout my learning, I’ve always known cybersecurity would teach me and play an important part in my future career,
Publish At:2016-09-14 10:25 | Read:4515 | Comments:0 | Tags:Cyber Security Featured Articles Authentication internship p

“Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering

Dozens of HTTPS-protected websites belonging to financial services giant Visa are vulnerable to attacks that allow hackers to inject malicious code and forged content into the browsers of visitors, an international team of researchers has found. In all, 184 servers—some belonging to German stock exchange Deutsche Börse and Polish banking association Związek Ba
Publish At:2016-05-26 21:40 | Read:4307 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab authentication

Aging and bloated OpenSSL is purged of 2 high-severity bugs

Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers. The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect s
Publish At:2016-05-04 02:10 | Read:5595 | Comments:0 | Tags:Risk Assessment Technology Lab Uncategorized encryption HTTP

More than 11 million HTTPS websites imperiled by new decryption attack

More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web
Publish At:2016-03-01 18:20 | Read:6161 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption explo

High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when a variety of conditions are met. First,
Publish At:2016-01-29 08:40 | Read:3971 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption secur

Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC

If you thought MD5 was banished from HTTPS encryption, you'd be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely used in the transport layer security protocol that underpins HTTPS. Now, researchers have devised a series of attacks that exploit the weaknesses to break or degr
Publish At:2016-01-06 18:10 | Read:7486 | Comments:0 | Tags:Risk Assessment Technology Lab encryption exploits hash func

“Insufficient Authorization – The Basics” Webinar Questions – Part I

Recently we offered a webinar on a really interesting Insufficient Authorization vulnerability: a site that allows the user to live chat with a customer service representative updated the transcript using a request parameter that an attacker could have manipulated in order to view a different transcript, potentially giving access to a great deal of confidentia
Publish At:2015-12-12 01:10 | Read:4127 | Comments:0 | Tags:Technical Insight Tools and Applications True Stories of the

