SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#SSL
25 Mar 2016

StartSSL flaw allowed attackers to obtain SSL cert for any domain

Popular certificate authority StartSSL (StartCom) has resolved a security vulnerability in its domain validation process that could be abused by attackers to issue certificates for domains they do not own.

StartCom, the sixth largest certificate authority in the world, offers trusted identity and authentication services, and also provides site owners with free StartSSL certificates. The free StartSSL certificates were setup to be domain or email validated, but security researcher Osama Almanna recently discovered a flaw in the domain validation process that allowed him to validate a domain he did not own.

Read more
Tags:
StartSSL information leaks
Source:
SecurityWeek
1915
2 Mar 2016

More than 11 million OpenSSL HTTPS websites at risk

A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer.

Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details and that too in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday.

Read more
Tags:
information leaks OpenSSL Drown
Source:
The Hacker News
2045
20 May 2015

What you really need to know about Venom bug

Heartbleed. Shellshock. And now Venom. The names for cyber vulnerabilities keep getting scarier. But the latest threat, dubbed Venom, isn't going to cause as much trouble as the hype might lead you to believe.

While Venom has the potential to cause widespread catastrophe, it's unlikely to cause the same mess as Heartbleed because fixes are already taking place, security researchers say. "You've got a lot of scrambling going on, but I think this will go away sooner than later because people will respond pretty quickly to remediate and patch this," said Joe Loomis, founder and CEO of CyberSponse.

Read more
Tags:
Venom information leaks OpenSSL
Source:
CNBC
2200
22 Apr 2015

Zero-day bug forces iPhones and iPads to crash and burn

Researchers have revealed a zero-day vulnerability in iOS 8 that, when exploited by a malicious wireless hotspot, will repeatedly crash nearby Apple iPhones, iPads and iPods. The attack will render vulnerable iOS things within range unstable or even entirely unusable by triggering constant reboots.

Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.

Read more
Tags:
iOS Apple SSL information leaks zero-day Wi-Fi
Source:
The Register
2727
20 Jan 2015

Can you be sure in a smart TV?

With the continuous advancements made in technology, our online experiences are becoming more streamlined and seemingly user friendly.

We no longer require stationary desktop computers to access the Internet, but instead can reach the web through our laptops, smartphones, tablets and now, televisions. Smart TVs are one of the latest additions to the family of fun gadgets millions of people have their eyes on, but are they secure? In January 2014, there was a deeper dive into the safety of smart TVs by inspecting the televisions of major manufactures. Journalists were able to crack into the devices by messing with their SSL certificates.

Read more
Tags:
data protection smart TV HTTPS SSL
Source:
Kaspersky Daily
3081
13 Nov 2014

Microsoft Schannel bug latest in long line of serious crypto flaws

The critical vulnerability in the Schannel technology in Windows that Microsoft patched is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.

The technology is in every supported version of Windows, and it can be exploited remotely by unauthenticated attackers. The company said that the vulnerability was found during a “proactive security audit”. That vulnerability enables an attacker to read the memory of systems protected by vulnerable versions of the software under certain circumstances. 

Read more
Tags:
information leaks Microsoft Windows Schannel SSL
Source:
Threatpost
2079
11 Nov 2014

Cyber experts discover lapses in Heartbleed bug fix

A detailed analysis by cybersecurity experts from the University of Maryland found that website administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.

First disclosed Heartbleed presents a serious vulnerability to the popular OpenSSL software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug. Experts analyzed the most popular websites in the United States to better understand the extent to which systems administrators followed specific protocols to fix the problem. Website administrators everywhere should have immediately taken three steps to regain better control and security over their systems.

Read more
Tags:
OpenSSL Heartbleed information leaks hackers
Source:
UMD Right Now
1863
15 Oct 2014

POODLE bites: exploiting the SSL 3.0 fallback

There are details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. 

SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. 

Read more
Tags:
POODLE SSL MITM information leaks
Source:
Google Blog
2646
7 Oct 2014

Do not cover the pop-up windows!

Web surfing is one of the most popular kinds of using the Internet. Every day we are surfing the web: view the news, listen to the music and check e-mail. However, this service puts at risk the information stored on your computer.

During web surfing everyone can get to the site from which you can upload virus or an attacker can trick to get personal information. A digital certificate may be threat signal. Let's look at what it is a digital certificate and how it provides safety when surfing the web. There are many digital certificates and each serves for their own purposes. The most common type of certificates is SSL certificates. 

Read more
Tags:
web surfing data protection SSL HTTP
Source:
ТакБезопасно
2102
3 Oct 2014

What is the Bash vulnerability and why it affects everyone

In what seems like the most impactful security vulnerability since the OpenSSL Heartbleed affair, a new Internet-wide bug emerged this week in the Bourne again shell (Bash).

While its true severity remains unknown, the Bash vulnerability (also known as “shell shock”) is being talked about everywhere, and you may have even seen your local news anchors discussing the story in front of a green-screen covered in fast-scrolling computer code on last night’s evening news. Bash is present in a very large number of Web-servers and in-home appliances. What is Bash?

Read more
Tags:
information leaks Bash Shellshock OpenSSL Heartbleed
Source:
Kaspersky Daily
Author:
Brian Donohue
2275
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015