SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
# HTTP
28 Sep 2015

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.

The issue stems from the fact that the HTTP State Management standard which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity. As such, Web browsers don't always authenticate the domains that set cookies. ookies are also not isolated by port number or scheme. A server can host multiple websites accessible via the same domain, but on different port numbers.

Read more
Tags:
cookies HTTPS information leaks
Source:
PCWorld
1915
4 Jun 2015

Internet.org is not neutral, not secure, and not the Internet

Facebook's Internet.org project, which offers people from developing countries free mobile access to selected websites, has been pitched as a philanthropic initiative to connect two thirds of the world who don’t yet have Internet access.

The global digital divide should be closed and we agree that some Internet access is better than none. However, we question whether this is the right way to do it. There's a real risk that the few websites that Facebook and its partners select for Internet.org could end up becoming a ghetto for poor users instead of a stepping stone to the larger Internet. 

Read more
Tags:
trends Facebook Internet.org Zuckerberg HTTPS
Source:
Electronic Frontier Foundation
2593
28 May 2015

How to stay safe on public Wi-Fi networks

Public Wi-Fi networks — like those in coffee shops or hotels — are not nearly as safe as you think. Even if they have a password, you're sharing a network with tons of other people, which means your data is at risk. Here's how to stay safe when you're out and about.

Just because most wireless routers have a firewall to protect you from the internet doesn't mean you're protected from others connected to the same network. It's remarkably easy to steal someone's username and password, or see what they're doing just by being on the same network. Don't take that chance. We're going to show you which settings are the most important ones.

Read more
Tags:
data protection HTTPS Wi-Fi OS X Windows
Source:
Lifehacker
3368
21 May 2015

Logjam attack exposes data passed over TLS connections

Scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed – notably, they discovered an attack that could enable the reading and modifying of data passed over TLS connections.

The attack can be used by a MITM attacker to downgrade TLS connections to 512-bit export-grade cryptography that is weaker and easier to crack, thus enabling the reading and modifying of data. The attack is similar to the FREAK attack, except it attacks Diffie-Hellman key exchange as opposed to RSA key exchange, and is the result of a flaw in TLS protocol.

Read more
Tags:
Logjam TLS information leaks MITM HTTPS
Source:
SC Magazine
2540
7 May 2015

5 ways to protect your money online

In a security survey asking why people complete their shopping online, 73 percent of respondents cited saving time as the primary reason. Shopping online can so easily be completed from a smartphone or tablet that its prevalence is rapidly increasing.

One report expects e-commerce revenues to more than double between 2012 and 2018. With identity theft cited as the Federal Trade Commission’s top consumer complaint for 13 years in a row, people have valid reason to be concerned about entering credit card numbers, addresses, and other personal information into a website form. There are, however, ways you can decrease your risk.

Read more
Tags:
data protection credit cards HTTPS
Source:
The Cheat Sheet
Author:
Erika Rawes
2414
30 Mar 2015

Coding website GitHub hit by massive DDoS attack

A popular coding website of the USA is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.

The attack on a service world-wide software development used by programmers and major tech firms appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable. Security experts said the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub.

Read more
Tags:
DDoS information leaks China HTTPS GitHub
Source:
The Wall Street Journal
2220
19 Mar 2015

Popular apps are still vulnerable to FREAK attack

A lot of Android apps that have been downloaded 6.3 billion times from the Google Play store are still vulnerable to the FREAK bug. Research published Tuesday by the company shows just how vulnerable both Android and iOS apps still are to a FREAK attack.

FREAK is a cryptographic weakness that permits attackers to force data traveling between a vulnerable website or operating system to servers to use weak encryption protocols. If combined with a so-called man-in-the-middle attack, the data could theoretically be intercepted and cracked as the user is unwittingly using a lower level of encryption than believed.

Read more
Tags:
FREAK Android information leaks HTTPS iOS
Source:
CNet
2230
6 Mar 2015

Windows is vulnerable to FREAK encryption flaw too

Computers running all supported releases of Microsoft Windows are vulnerable to FREAK, a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites.

The flaw was previously thought to be limited to Apple's Safari and Google's Android browsers. But Microsoft warned that the encryption protocols used in Windows were also vulnerable to the flaw. The FREAK flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours.

Read more
Tags:
Windows FREAK HTTPS TOP
Source:
CNet
2213
4 Mar 2015

Apple & Android devices are vulnerable to FREAK attack

Tech firms are rushing to fix a disastrous security flaw, stemming from the US government’s requirement of lower encryption standards, that for over a decade left millions of users visiting 'secured' websites exposed to potential attacks.

Experts have discovered a massive flaw that allows attackers to decrypt HTTPS-protected traffic passing between millions of websites and users of vulnerable devices, including Android and Apple smartphones and tablets. Researchers found that some websites that use SSL or TLS protocols, including government ones, are vulnerable and could be tricked into setting up a connection through weak encryption keys.

Read more
Tags:
Apple Android freak information leaks HTTPS TOP
Source:
Russia Today
2741
2 Mar 2015

A new adware breaks HTTPS connections

One more piece of malware adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014.

Experts reported that malvertising installs its own certificate and breaks SSL connections by creating a man-in-the-middle vulnerability that can be exploited by anyone to sniff traffic. Superfish makes Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. However, a new malware adware doesn’t contain the exact vulnerability as Superfish, it likely presents a bigger mess for users.

Read more
Tags:
TOP Superfish PrivDog information leaks malvertising HTTPS
Source:
Threatpost
2405
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015