Popular certificate authority StartSSL (StartCom) has resolved a security vulnerability in its domain validation process that could be abused by attackers to issue certificates for domains they do not own.
StartCom, the sixth largest certificate authority in the world, offers trusted identity and authentication services, and also provides site owners with free StartSSL certificates. The free StartSSL certificates were set up to be domain or email validated, but security researcher Osama Almanna recently discovered a flaw in the domain validation process that allowed him to validate a domain he did not own.
A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer.
Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details, in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday.
Heartbleed. Shellshock. And now Venom. The names for cyber vulnerabilities keep getting scarier. But the latest threat, dubbed Venom, isn't going to cause as much trouble as the hype might lead you to believe.
While Venom has the potential to cause widespread catastrophe, it's unlikely to cause the same mess as Heartbleed because fixes are already taking place, security researchers say. "You've got a lot of scrambling going on, but I think this will go away sooner than later because people will respond pretty quickly to remediate and patch this," said Joe Loomis, founder and CEO of CyberSponse.
Researchers have revealed a zero-day vulnerability in iOS 8 that, when exploited by a malicious wireless hotspot, will repeatedly crash nearby Apple iPhones, iPads and iPods. The attack will render vulnerable iOS things within range unstable or even entirely unusable by triggering constant reboots.
Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.
With the continuous advancements made in technology, our online experiences are becoming more streamlined and seemingly user friendly.
We no longer require stationary desktop computers to access the Internet, but instead can reach the web through our laptops, smartphones, tablets and now, televisions. Smart TVs are one of the latest additions to the family of fun gadgets millions of people have their eyes on, but are they secure? In January 2014, there was a deeper dive into the safety of smart TVs by inspecting the televisions of major manufacturers. Journalists were able to crack into the devices by messing with their SSL certificates.
The critical vulnerability in the Schannel technology in Windows that Microsoft patched is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
The technology is in every supported version of Windows, and it can be exploited remotely by unauthenticated attackers. The company said that the vulnerability was found during a “proactive security audit”. That vulnerability enables an attacker to read the memory of systems protected by vulnerable versions of the software under certain circumstances.
A detailed analysis by cybersecurity experts from the University of Maryland found that website administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.
First disclosed Heartbleed presents a serious vulnerability to the popular OpenSSL software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug. Experts analyzed the most popular websites in the United States to better understand the extent to which systems administrators followed specific protocols to fix the problem. Website administrators everywhere should have immediately taken three steps to regain better control and security over their systems.
There are details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today.
Web surfing is one of the most popular ways of using the Internet. Every day we surf the web: view the news, listen to music and check e-mail. However, this service puts at risk the information stored on your computer.
While surfing the web, anyone can land on a site that delivers a virus, or be tricked by an attacker into giving up personal information. A digital certificate may be a threat signal. Let's look at what a digital certificate is and how it provides safety when surfing the web. There are many digital certificates, and each serves its own purpose. The most common type of certificate is the SSL certificate.
In what seems like the most impactful security vulnerability since the OpenSSL Heartbleed affair, a new Internet-wide bug emerged this week in the Bourne again shell (Bash).
While its true severity remains unknown, the Bash vulnerability (also known as “shell shock”) is being talked about everywhere, and you may have even seen your local news anchors discussing the story in front of a green-screen covered in fast-scrolling computer code on last night’s evening news. Bash is present in a very large number of Web-servers and in-home appliances. What is Bash?