SSL

Safety requirements are designed to strengthen a broken SSL system: too little, too late

Consortium has published a set of practices of security, which they hope will apply all the centers of authentication to web browsers and other software trusted their certificates SSL. The basic requirements published by the Certification Authority / Browser Forum, designed to prevent breaches of security in the intricate network of trust that forms the(…)

Another certification authority has suspended operation after data loss

The site, owned by the Dutch CA was unavailable due to, reportedly, hackers broke through their defense and gained access to their database. Dutch telecom giant KPN issued a statement stating that the work site of its subsidiary Gemnet is temporarily suspended until the hack is investigated. Another site owned subsidiary of KPN, which issues digital(…)

Hacked another SSL Certification Center

Another center has stopped production of SSL-certificates after the vulnerability was discovered in security which allowed hackers to break into store tools on one of their servers. Representatives of the Dutch company KPN Corporate Market said that necessary measures were taken during the investigation of this burglary, which could be carried out four years ago. The(…)

At least four CA’s hacked since June

At least four CA reported that have been hacked in recent months, according to a study conducted by the organization Electronic Frontier Foundation and raises serious questions about the technology, on which millions of Web sites rely on to ensure safety. Head of IT projects in the EFF Peter Eckersley has collected information by examining(…)

Released DoS tool for SSL

Hackers have released software that they say, allows one computer to disable servers by exploiting vulnerabilities in the implementation of proven secure sockets layer. The German group known as The Hacker’s Choice, has released a tool on Monday, trying to draw attention to the “long series of vulnerabilities in the SSL”, which Web sites use to protect(…)

Firefox developers are considering to fully lock Java-function

Some time ago, independent researchers have demonstrated how to exploit code BEAST can without much difficulty to decrypt the data transmitted over a secure Internet connection. Now, browser makers have pondered how to overcome the method implemented in the BEAST data being compromised, experts Mozilla, it seems, are ready to go on even very drastic steps. Attacker Code(…)

Google Chrome prepared for BEAST attack

Google has prepared an update to a browser Chrome, which protects users against attacks, decoding the data transmitted between the browser and Web sites protected by SSL-protocol. Update, which is already part of the latest version of Chrome, was designed to prevent BEAST attacks, performed by the pilot code, which, according to its creators, exploits the high(…)

A critical vulnerability in the SSL out of theoretical level

Researchers have discovered a serious vulnerability in almost all web sites that use the SSL, which allows hackers to silently decode data that is sent between the Web server and browser, the end user. Vulnerability refers to the version 1.0 and earlier versions of TLS, cryptographic protocol, which is the foundation technology SSL, ensuring the(…)

99% of requests to google.com using fake certificates came from Iran

Approximately 300 000 unique IP-addresses from Iran have requested access to google.com using fake certificates issued by the Dutch CA DigiNotar , according to a preliminary report, the firm Fox-IT, published on Monday. Fake certificates, released on July 10 DigiNotar, were blocked on 29 August. “It was discovered around 300 000 unique IP-addresses, requesting access to google.com”, –(…)

Certification Center DigiNotar was heavily criticized

DigiNotar, became another victim of a network attack, which was to fake authentication data for Gmail and other confidential services of Google. This caused another wave of debate about Internet security. A number of companies have updated their software to protect themselves from the certificates issued by DigiNotar, which on Tuesday was the subject of a(…)