FBI Director — "What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code?"

This is exactly what FBI Director James Comey asked at the congressional hearing on Tuesday.

The House Judiciary Committee hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy” over the ongoing battle between Apple and the FBI ended up being full of drama.

The key to the dispute is

SSLv2 DROWN Attack

Original release date: March 01, 2016

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.

US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.


CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a “DROWN” attack.

Facebook's Vice President Arrested in Brazil for Refusing to Share WhatsApp Data

Apple is not the only technology giant battling against authorities over a court order; Facebook is also facing the same.

Brazil’s federal police arrested Facebook's Latin America Vice President for failing to comply with court orders to help investigators in a drug trafficking case that involves WhatsApp, a popular messaging app owned by Facebook that has over 100 million users in Brazil.

New York Judge Rules FBI Can't Force Apple to Unlock iPhone

Apple – 1; The FBI – 0

Apple won a major court victory against the Federal Bureau of Investigation (FBI) in an ongoing legal battle similar to the San Bernardino case.

In a New York case, a federal magistrate judge has ruled in favor of Apple, rejecting the U.S. government’s request to force Apple to help the FBI extract data from a locked iPhone.

This ruling from United

DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 million modern websites and e-mail services protected by an ancient, long-deprecated transport layer security protocol, Secure Sockets Layer (SSLv2).

Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS