HackDig : Dig high-quality web security articles for hacker

Crypto-Risk: Your Data Security Blind Spot

For many years — almost since the beginning of secure internet communications — data security professionals have had to face the challenge of using certificates, the mechanism that forms the basis of Transport Layer Security (TLS) communications. Certificates facilitate secure connections to websites (represented by the “s” in “https”
Publish At:2020-03-23 10:45 | Read:109 | Comments:0 | Tags:Data Protection Risk Management Apple Business Continuity Ce

Report calls for web pre-screening to end UK’s child abuse ‘explosion’

by Lisa Vaas. A UK inquiry into child sexual abuse facilitated by the internet has recommended that the government require apps to pre-screen images before publishing them, in order to tackle “an explosion” in images of child sex abuse. The No. 1 recommendation from the independent inquiry into child sexual abuse (IICSA) report, which was published o
Publish At:2020-03-16 08:53 | Read:210 | Comments:0 | Tags:Cryptography Facebook Instagram Law & order Privacy Snapchat

PXJ Ransomware Campaign Identified by X-Force IRIS

Ransomware has become one of the most profitable types of malware in the hands of cybercriminals, with reported cybercrime losses tripling in the last five years, according to the FBI. A constant flow of new and reused code in this realm continues to flood both consumers and organizations who fight to prevent infections, respond to attacks and often resort t
Publish At:2020-03-12 09:13 | Read:180 | Comments:0 | Tags:Malware Threat Intelligence Cryptography Cybercrime Encrypti

Let’s Encrypt issues one billionth free certificate

by Danny Bradbury. Last week was a big one for non-profit digital certificate project Let’s Encrypt – it issued its billionth certificate. It’s a symbolic milestone that shows how important this free certificate service has become to web users. Publicly announced in November 2014, Let’s Encrypt offers TLS certificates for free. These cert
Publish At:2020-03-02 09:21 | Read:230 | Comments:0 | Tags:Cryptography ACME Automated Certificate Management Environme

Malware and HTTPS – a growing love affair

by Paul Ducklin. If you’re a regular Naked Security reader, you’ll know that we’ve been fans of HTTPS for years. In fact, it’s nearly nine years since we published an open letter to Facebook urging the social networking giant to adopt HTTPS everywhere. HTTPS is short for HTTP-with-Security, and it means that your browser, which uses HTTP (
Publish At:2020-02-18 10:21 | Read:197 | Comments:0 | Tags:Cryptography Malware malware sophoslabs TLS

Facebook encrypted messaging will ‘create hiding places for child abuse’

by Lisa Vaas. Last year, Facebook announced that it would stitch the technical infrastructure of all of its chat apps – Messenger, WhatsApp and Instagram – together so that users of each app can talk to each other more easily. The plan includes slathering the end-to-end encryption of WhatsApp – which keeps anyone, including law enforcement and
Publish At:2020-02-10 07:56 | Read:285 | Comments:0 | Tags:Cryptography Facebook Instagram Law & order Privacy WhatsApp

Themes from Real World Crypto 2020

Over 642 brilliant cryptographic minds gathered for Real World Crypto 2020, an annual conference that brings together cryptographic researchers with developers implementing cryptography in the wild. Overall, RWC 2020 was an impressive conference that demonstrated some amazing work. Here we explore three major themes that emerged: Crypto bugs are eve
Publish At:2020-01-23 08:25 | Read:408 | Comments:0 | Tags:Conferences Cryptography

Exploiting the Windows CryptoAPI Vulnerability

On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. If you want to stop reading here, get the important details, and see if you
Publish At:2020-01-16 15:25 | Read:431 | Comments:0 | Tags:Cryptography Exploits Vulnerability exploit

Court says suspect can’t be forced to reveal 64-character password

by Lisa Vaas. The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:883 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

How safe browsing fails to protect user privacy

Recently, security researchers discovered that Apple was sending safe browsing data to Tencent for all Chinese users. This revelation has brought the underlying security and privacy guarantees of the safe browsing protocol under increased scrutiny. In particular, safe browsing claims to protect users by providing them with something called k-anonymity. In th
Publish At:2019-11-12 03:25 | Read:604 | Comments:0 | Tags:Cryptography

Multi-Party Computation on Machine Learning

During my internship this summer, I built a multi-party computation (MPC) tool that implements a 3-party computation protocol for perceptron and support vector machine (SVM) algorithms. MPC enables multiple parties to perform analyses on private datasets without sharing them with each other. I developed a technique that lets three parties obtain the resul
Publish At:2019-10-04 11:40 | Read:1266 | Comments:0 | Tags:Cryptography Internship Projects

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:946 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Better Encrypted Group Chat

Broadly, an end-to-end encrypted messaging protocol is one that ensures that only the participants in a conversation, and no intermediate servers, routers, or relay systems, can read and write messages. An end-to-end encrypted group messaging protocol is one that ensures this for all participants in a conversation of three or more people. End-to-end encrypte
Publish At:2019-09-19 16:00 | Read:548 | Comments:0 | Tags:Cryptography Internship Projects

Rewriting Functions in Compiled Binaries

by Aditi Gupta, Carnegie Mellon University. As a summer intern at Trail of Bits, I’ve been working on building Fennec, a tool to automatically replace function calls in compiled binaries that’s built on top of McSema, a binary lifter developed by Trail of Bits. The Problem: Let’s say you have a compiled binary, but you don’t have access to the original source
Publish At:2019-09-19 16:00 | Read:618 | Comments:0 | Tags:Cryptography Internship Projects McSema binary patching

Crypto 2019 Takeaways

This year’s IACR Crypto conference was an excellent blend of far-out theory and down-to-earth pragmatism. A major theme throughout the conference was the huge importance of getting basic cryptographic primitives right. Systems ranging from TLS servers and bitcoin wallets to state-of-the-art secure multiparty computation protocols were broken when one small s
Publish At:2019-09-19 16:00 | Read:508 | Comments:0 | Tags:Conferences Cryptography Paper Review
