The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact Linux distribution for servers, appliances and […]
Tag Archives: Cryptography
2014 Year in Review
Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.
2014: A Specious Odyssey
The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by.
Tor Project Warns of Possible Upcoming Attack on Network
The Tor Project is warning that an unnamed attacker is planning to try to cripple the network by seizing directory authorities, the servers that help Tor clients find Tor relays in the network. Tor officials said that the network right now is still safe to use, and also emphasized that they are taking steps to […]
Google Releases End-To-End Chrome Extension to Open Source
Google announced that it was making the source code for its End-to-End Chrome Extension available for review on GitHub. End-to-End encrypts and signs Gmail messages.
Two Cisco Products Vulnerable to POODLE Attack on TLS
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from […]
Google Proposes Marking ‘HTTP’ as Insecure in 2015
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.
Mozilla to Support Certificate Transparency in Firefox
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first.
New Version of Destover Malware Signed by Stolen Sony Certificate
Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used […]
Researchers Say POODLE Attack Affects Some TLS Implementations
The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looking into whether it might affect protocols other than SSLv3. It quickly […]