encryption
Year-old crypto flaw in Socat created a potentially intentional backdoor
A backdoor has been discovered in Socat, a popular open-source network administration tool similar to Netcat, and its unclear how it hasn’t been spotted earlier or at …
Banning encryption is useless when IoT devices can spy on users
For a while now the US intelligence and law enforcement community has been complaining about the rise of end-to-end encryption, and how it will prevent them from tracking …
Tails 2.0 fixes many security issues
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity. Tails 2.0 is …
OpenSSL bug that could allow traffic decryption has been fixed
The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of …
SSH backdoor found in more Fortinet devices, exploit attempts spotted in the wild
In case you missed it, Fortinet announced last week that the recently discovered FortiOS SSH backdoor – or, as they call it, “a management authentication …
Businesses fail to take full advantage of encryption technology
Private, highly-sensitive employee information, including banking details, HR files and personal healthcare records, is at risk. While many companies take the security of …
Netflix confirms it will start blocking proxies and unblockers
Netflix recently expanded its streaming services to nearly every country in the world. This good news for potential users in those countries has dampened the spirits of those …
Flaw allows malicious OpenSSH servers to steal users’ private SSH keys
Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by …
SLOTH attacks weaken secure protocols because they still use MD5 and SHA-1
Researchers Karthikeyan Bhargavan and Gaëtan Leurent from INRIA, the French national research institute for computer science, have discovered a new class of transcript …
HTTPS Bicycle attack reveals password length, allows easier brute-forcing
Dutch security researcher Guido Vranken has come up with a new attack that could allow attackers to discover the length of a user’s password – and therefore make …
Kingston releases encrypted USB with keypad access
Kingston released the DataTraveler 2000 encrypted USB 3.0 Flash drive, which offers hardware encryption and PIN protection with access through an onboard alphanumeric keypad. …
The Tor Project announces bug bounty program
Representatives of the Tor Project, the non-profit organization that maintains the software needed for using the Tor anonymity network and operates the Onion network, have …
Featured news
Resources
Don't miss
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance