Hornet Dear Bernard

Dear, Dear Bernard

Posts Tagged ‘security’

Cracking OS X Lion Passwords

Written by bernardhornet

September 26, 2011 at 10:30 pm

Posted in Uncategorized

Mac OS X can’t properly revoke dodgy digital certificates

After DigiNotar hack, many Mac OS X users are having a hard time properly revoking the company’s digital certificates

A programming glitch in Apple’s OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.

Written by bernardhornet

September 9, 2011 at 9:09 pm

Posted in Uncategorized

AES proved vulnerable by Microsoft researchers

Show that algorithm underlying most all of today's online transactions can be compromised. (http://www.computerworld.com/s/article/9219297/AES_proved_vulnerable_by_Microsoft_researchers)

Their attack can recover an AES secret key from three to five times faster than previously thought possible, reported the Katholieke Universiteit Leuven, a research university based in Belgium.

Written by bernardhornet

August 23, 2011 at 11:33 pm

Posted in Uncategorized

Pakistan trying to outlaw SSL

Reports Claim That Pakistan Is Trying To Ban Encryption Under Telco Law.

And this at a time when they want to increase offshored labour for foreign companies. Bullet, meet foot.

Phil Zimmermann said it best in 1991: If privacy is outlawed, only outlaws will have privacy.

Written by bernardhornet

July 30, 2011 at 8:24 pm

Posted in Uncategorized

Sniffer hijacks secure traffic from unpatched iPhones

Written by bernardhornet

July 28, 2011 at 11:19 pm

Posted in Uncategorized

2011 CWE/SANS Top 25 Most Dangerous Software Errors

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software.

They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Top of the list: SQL Injection!

Written by bernardhornet

July 3, 2011 at 10:43 pm

Posted in Uncategorized

OpenSSL timing attack allows interception of server private key

The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL’s implementation of the elliptic curve digital signature algorithm (ECDSA), and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server.

“This paper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key.”

Written by bernardhornet

May 29, 2011 at 10:11 pm

Posted in Uncategorized
