HackDig : Dig high-quality web security articles for hackers

Will Astrum Fill the Vacuum in the Exploit Kit Landscape?

The decline of exploit kit activity—particularly from well-known exploit kits like Magnitude, Nuclear, Neutrino, and Rig during the latter half of 2016—doesn’t mean exploit kits are throwing in the towel just yet. This is the case with Astrum (also known as Stegano), an old and seemingly reticent exploit kit we observed to have been updated multiple times as
Publish At:2017-05-18 23:10 | Read:5379 | Comments:0 | Tags:Exploits Vulnerabilities Astrum diffie-hellman exploit kit e

How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the
Publish At:2015-10-24 10:20 | Read:3762 | Comments:0 | Tags:Breaking News Hacking Intelligence Security Diffie-Hellman e

NSA broke trillions of encrypted connections due to a flaw

A flaw affecting the way encryption software implements the Diffie-Hellman key exchange algorithm allowed the NSA to break trillions of encrypted connections. Edward Snowden has revealed to the world that the NSA was able to crack also the almost encryption to conduct a large-scale online surveillance. According to Snowden,
Publish At:2015-10-17 16:20 | Read:2885 | Comments:0 | Tags:Breaking News Digital ID Hacking Intelligence Diffie-Hellman

How the NSA can break trillions of encrypted Web and VPN connections

For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies. Now, researchers are renewing their warning that a serious flaw in the wa
Publish At:2015-10-16 00:20 | Read:5053 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cryptography d

The Logjam Attack – ANOTHER Critical TLS Weakness

So it seems SSL/TLS has not been having a good time lately, alongside Heartbleed and POODLE we now have the Logjam attack.It’s somewhat similar to the FREAK attack earlier this year, but that attacked the RSA key exchange and was due to an implementation vulnerability rather than Logjam which attacks the Diffie-Hellman key exchange as is due to a flaw
Publish At:2015-06-09 23:26 | Read:4275 | Comments:0 | Tags:Cryptography Exploits/Vulnerabilities dh dh key exchange wea

Understanding Logjam and Future-Proofing Your Infrastructure

On May 19th, 2015 a team of researchers (Henninger et. al) published a paper with the title “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”.The paper can be divided in two sections: 1) discrete logs on a 512-bit Diffie-Hellman (DH) group, and 2) a new attack against the Transport Layer Security (TLS) protocol. We’ll review both
Publish At:2015-05-27 20:05 | Read:4044 | Comments:0 | Tags:Security Diffie-Hellman security TLS

The Logjam Attack: What You Need to Know

A group of security researchers and computer scientists have recently uncovered a vulnerability in how a Diffie-Hellman key exchange is deployed on the web. Dubbed as Logjam, the vulnerability affects home users and corporations alike, and over 80,000 of the top one million domains worldwide were found to be vulnerable. The original report on Logjam can be f
Publish At:2015-05-20 14:55 | Read:3606 | Comments:0 | Tags:Security Threat attack diffie-hellman logjam

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud