HackDig : Dig high-quality web security articles for hacker

Comodo Issues Eight Forbidden Certificates

Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses. In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to cut off a common practice of CAs issuing certificates for interna
Publish At:2015-11-09 21:50 | Read:1103 | Comments:0 | Tags:Privacy Vulnerabilities Web Security CA CA|Browser Forum cer

Let’s Encrypt Hits Another Free HTTPS Milestone

The continued march toward encrypting every online connection hit a noteworthy milestone last night when Let’s Encrypt announced that it was officially a Certificate Authority. Let’s Encrypt is an open source movement to make HTTPS implementations simple and free of cost for domain owners. A month ago, Let’s Encrypt issued its first automate
Publish At:2015-10-20 15:40 | Read:1359 | Comments:0 | Tags:Cryptography Privacy Web Security CA certificate authority c

First Let’s Encrypt Free Certificate Goes Live

Let’s Encrypt, a movement to issue free and automated HTTPS certificates, today hit a major milestone when its first cert went live. The desire to encrypt web-based services has accelerated projects such as Let’s Encrypt, which was announced last November, and promised by the close of this summer to get the ball rolling on making free certs easily
Publish At:2015-09-16 03:40 | Read:1200 | Comments:0 | Tags:Cryptography Privacy Web Security certificate authority cert

NetNanny Found Using Shared Private Key, Root CA

An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and intercept, researchers warned Monday. First released in 1995, the internet filtering service is primarily used by parents to control their children’s online activity. According to a warning on CERT’s Vul
Publish At:2015-04-21 20:35 | Read:1165 | Comments:0 | Tags:Vulnerabilities Web Security CAs certificate authority forge

Google Revoking Trust In CNNIC Issued Certificates

So another digital certificate fiasco, once again involving China from CNNIC (no surprise there) – this time via Egypt. Google is going to remove all CNNIC and EV CAs from their products, probably with the next version of Chrome that gets pushed out. As of yet, no action has been taken by Firefox – or at least no release has been published. Followi
Publish At:2015-04-02 18:10 | Read:1431 | Comments:0 | Tags:Cryptography Privacy ca certificate authority chrome securit

Google Chrome will banish Chinese certificate authority for breach of trust

Google's Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains.
Publish At:2015-04-02 06:15 | Read:1529 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab certificate au

Adware Adds to Security Headaches

Over the past few days, we have seen a security incident involving adware explode in the press. The original claims surprised the industry, and the reality actually became more surprising as we learned more. However, as Mark Twain said, “Fiction is obliged to stick to possibilities. Truth isn’t.” This adware incident varies in one very sign
Publish At:2015-02-28 01:55 | Read:1692 | Comments:0 | Tags:IBM X-Force Adware Certificate Authority Interception Techno

PrivDog Adware Poses Bigger Risk Than Superfish

Move over Superfish. Another piece of shady adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014. Researcher Hanno Bock yesterday reported that PrivDog, like Superfish, installs its own certificate and breaks S
Publish At:2015-02-24 19:35 | Read:2277 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security Adtrustmedia Adtru

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say it’s not DDOS but a high volume of visitors, at the
Publish At:2015-02-24 03:50 | Read:1501 | Comments:0 | Tags:Cryptography Hacks Web Security Adware certificate authority

#HackerKast 10: XSS Vulnerability in jQuery, Let’s Encrypt, and Google Collects Personal Info

We kicked off this week’s episode chatting about a new XSS vulnerability that was uncovered in the very popular jQuery Validation Plugin. This plugin is used widely as a simple form validator and the researcher, Sijmen Ruwhof, found the bug in the plugin’s CAPTCHA implementation. This bug was very widespread, with a few Google dorks showing at l
Publish At:2014-11-26 03:25 | Read:2093 | Comments:0 | Tags:Industry Observations Vulnerabilities Web Application Securi
