Posts Tagged ‘security’
Mac OS X can’t properly revoke dodgy digital certificates
A programming glitch in Apple’s OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.
AES proved vulnerable by Microsoft researchers
Show that algorithm underlying most all of today's online transactions can be compromised. (http://www.computerworld.com/s/article/9219297/AES_proved_vulnerable_by_Microsoft_researchers)
Their attack can recover an AES secret key from three to five times faster than previously thought possible, reported the Katholieke Universiteit Leuven, a research university based in Belgium.
Pakistan trying to outlaw SSL
Reports Claim That Pakistan Is Trying To Ban Encryption Under Telco Law.
And this at a time when they want to increase offshored labour for foreign companies. Bullet, meet foot.
Phil Zimmermann said it best in 1991: If privacy is outlawed, only outlaws will have privacy.
Sniffer hijacks secure traffic from unpatched iPhones
Looks like all the iPhone 3G owners are screwed.
2011 CWE/SANS Top 25 Most Dangerous Software Errors
They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
Top of the list: SQL Injection!
OpenSSL timing attack allows interception of server private key
“This paper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key.”
March RSA Hack Hits Lockheed, Remote Systems Breached
So how did the hackers do it? It’s been speculated that hackers obtained master key files during the March RSA attacks—as implied, a hacker then would be able to penetrate a SecurID-protected network by replicating an individual’s exact keys generated by the particular device.
Apple’s iOS 4 hardware encryption has been cracked
The moral of the story is that you shouldn’t leave your expensive Apple toys unattended over lunch.
Apple malware evolved – No password required
Looks like Apple’s chosen security model of “security by obscurity” is predictably breaking down…