A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is... read more
Featured Slideshow
SSL
Meaner POODLE bug that bypasses TLS crypto bites 10 percent of websites
Submitted by l33tdawg on Tue, 2014-12-09 00:04
Some of the world's leading websites—including those owned or operated by Bank of America, VMware, the US Department of Veteran's Affairs, and business consultancy Accenture—are vulnerable to simple attacks that bypass the transport layer security encryption designed to thwart eavesdroppers and spoofers.
German Spy Agency Wants To Buy Zero-Day Vulnerabilities In Order To Undermine SSL Security
Submitted by l33tdawg on Thu, 2014-11-13 23:54
The newspaper Süddeutsche Zeitung reports that the German spy agency BND will spend €28 million on what it calls its 'Strategic Technical Initiative' (SIT) next year, and that it has asked the German government for a further €300 million (original in German). The German edition of the English-language site "The Local" explains how the money will be used:
The aim of the programme is to penetrate foreign social networks and create an early warning system for cyber attacks.
Microsoft releases anti-POODLE Fix It
Submitted by l33tdawg on Thu, 2014-10-30 00:04
Microsoft has released a Fix It to disable the feature which was the subject of the POODLE attack. The Fix It, a program which implements changes in the registry, makes the process simpler than the alternatives.
POODLE is the name given to a vulnerability in SSL version 3.0 found earlier this month by a Google researcher. SSL was supplanted by TLS and the current version is 1.2, but systems may fall back to older versions if the server does not support the newer ones.
OpenSSL warns vendors against using vulnerability info for marketing
Submitted by l33tdawg on Tue, 2014-09-09 01:15
Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.
The warning comes from the OpenSSL Project, which has published for the first time guidelines for how it internally handles security problems, part of an ongoing effort to strengthen the project following the Heartbleed security scare in April.
OpenSSL fork LibreSSL is declared "unsafe for Linux"
Submitted by l33tdawg on Wed, 2014-07-16 00:36
The first "preview" release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux.