Items tagged with tls

Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”.  Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant... Read more...
A newly discovered attack vector is threatening to leave millions of websites underwater, gasping for air. Since we live in an acronym-crazed society, it should come as no surprise that this latest exploit described as Decrypting RSA with Obsolete and Weakened eNcryption goes by the name of "DROWN." DROWN preys on servers that still openly support Secure Sockets Layer (SSLv2), even though modern servers have moved on to Transport Layer Security (TLS). Given that SSLv2 was developed in the 1990s, it’s long been considered outdated and insecure. However, some servers have still been configured to support SSLv2 for whatever reason, which leaves websites wide open to attacks. A server merely needs... Read more...
Where’s Jackie Treehorn when you need him? There’s a new browser exploit that’s making the rounds across the internet, and it’s capable of some pretty nasty stuff. Closely related to the FREAK exploit that we detailed a few months back, Logjam works its magic by using a main-in-the middle attack on the Diffie-Hellman protocol, downgrading vulnerable transport layer security (TLS) connections to just 512-bits of encryption — skilled hackers could crack 512-bit encryption keys in mere minutes. According to WeakDH, the Logjam exploit affects 0.2 percent of the top one million domains on the web. That puts roughly 20,000 sites at risk. But there’s both good news and bad news with regards to tackling... Read more...