SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#HTTPS
22 Mar 2016

95% of HTTPS servers vulnerable to trivial connection hijacking

With just 5 percent of web servers correctly implementing HTTP Strict Transport Security, the remaining 95 percent are vulnerable to trivial connection hijacking attacks, research shows.

As Netcraft’s Paul Mutton explained in a recent blog post, these vulnerabilities can be exploited in phishing, pharming and man-in-the-middle (MiTM) attacks when a user unintentionally attempts to access a secure site via HTTP, meaning that the attacker does not have to spoof a valid TLS certificate to be successful. These attacks are easier to be carried out compared to those targeting TLS, such as the DROWN attack.

Read more
Tags:
HTTPS information leaks
Source:
SecurityWeek
2119
28 Sep 2015

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.

The issue stems from the fact that the HTTP State Management standard which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity. As such, Web browsers don't always authenticate the domains that set cookies. ookies are also not isolated by port number or scheme. A server can host multiple websites accessible via the same domain, but on different port numbers.

Read more
Tags:
cookies HTTPS information leaks
Source:
PCWorld
1915
24 Jun 2015

Game-over HTTPS defects in dozens of Android apps expose user passwords

Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don't use it at all.

The roster of faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the Match.com dating service and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users' handsets.

Read more
Tags:
HTTPS information leaks Android password Wi-Fi
Source:
Ars Technica
2186
4 Jun 2015

Internet.org is not neutral, not secure, and not the Internet

Facebook's Internet.org project, which offers people from developing countries free mobile access to selected websites, has been pitched as a philanthropic initiative to connect two thirds of the world who don’t yet have Internet access.

The global digital divide should be closed and we agree that some Internet access is better than none. However, we question whether this is the right way to do it. There's a real risk that the few websites that Facebook and its partners select for Internet.org could end up becoming a ghetto for poor users instead of a stepping stone to the larger Internet. 

Read more
Tags:
trends Facebook Internet.org Zuckerberg HTTPS
Source:
Electronic Frontier Foundation
2593
28 May 2015

How to stay safe on public Wi-Fi networks

Public Wi-Fi networks — like those in coffee shops or hotels — are not nearly as safe as you think. Even if they have a password, you're sharing a network with tons of other people, which means your data is at risk. Here's how to stay safe when you're out and about.

Just because most wireless routers have a firewall to protect you from the internet doesn't mean you're protected from others connected to the same network. It's remarkably easy to steal someone's username and password, or see what they're doing just by being on the same network. Don't take that chance. We're going to show you which settings are the most important ones.

Read more
Tags:
data protection HTTPS Wi-Fi OS X Windows
Source:
Lifehacker
3368
21 May 2015

Logjam attack exposes data passed over TLS connections

Scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed – notably, they discovered an attack that could enable the reading and modifying of data passed over TLS connections.

The attack can be used by a MITM attacker to downgrade TLS connections to 512-bit export-grade cryptography that is weaker and easier to crack, thus enabling the reading and modifying of data. The attack is similar to the FREAK attack, except it attacks Diffie-Hellman key exchange as opposed to RSA key exchange, and is the result of a flaw in TLS protocol.

Read more
Tags:
Logjam TLS information leaks MITM HTTPS
Source:
SC Magazine
2540
7 May 2015

5 ways to protect your money online

In a security survey asking why people complete their shopping online, 73 percent of respondents cited saving time as the primary reason. Shopping online can so easily be completed from a smartphone or tablet that its prevalence is rapidly increasing.

One report expects e-commerce revenues to more than double between 2012 and 2018. With identity theft cited as the Federal Trade Commission’s top consumer complaint for 13 years in a row, people have valid reason to be concerned about entering credit card numbers, addresses, and other personal information into a website form. There are, however, ways you can decrease your risk.

Read more
Tags:
data protection credit cards HTTPS
Source:
The Cheat Sheet
Author:
Erika Rawes
2414
30 Mar 2015

Coding website GitHub hit by massive DDoS attack

A popular coding website of the USA is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.

The attack on a service world-wide software development used by programmers and major tech firms appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable. Security experts said the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub.

Read more
Tags:
DDoS information leaks China HTTPS GitHub
Source:
The Wall Street Journal
2220
19 Mar 2015

Popular apps are still vulnerable to FREAK attack

A lot of Android apps that have been downloaded 6.3 billion times from the Google Play store are still vulnerable to the FREAK bug. Research published Tuesday by the company shows just how vulnerable both Android and iOS apps still are to a FREAK attack.

FREAK is a cryptographic weakness that permits attackers to force data traveling between a vulnerable website or operating system to servers to use weak encryption protocols. If combined with a so-called man-in-the-middle attack, the data could theoretically be intercepted and cracked as the user is unwittingly using a lower level of encryption than believed.

Read more
Tags:
FREAK Android information leaks HTTPS iOS
Source:
CNet
2230
6 Mar 2015

Windows is vulnerable to FREAK encryption flaw too

Computers running all supported releases of Microsoft Windows are vulnerable to FREAK, a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites.

The flaw was previously thought to be limited to Apple's Safari and Google's Android browsers. But Microsoft warned that the encryption protocols used in Windows were also vulnerable to the flaw. The FREAK flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours.

Read more
Tags:
Windows FREAK HTTPS TOP
Source:
CNet
2213
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015