#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

SSL keys | Breaking Cybersecurity News | The Hacker News

Encrypted Email Servers Seized by German Authorities After School Bomb Threats

Encrypted Email Servers Seized by German Authorities After School Bomb Threats

Dec 22, 2015
In the wake of a hoax bomb threat, all public schools in Los Angeles were closed for a day last week, and now German authorities have seized an encrypted email server. But, Does that make sense? In a video statement posted on Monday, the administrator of Cock.li – an anonymous email provider service – said German authorities had seized a hard drive from one of its servers that used to host the service in a Bavarian data center. The email provider was thought to have been used last week to send bomb threatening emails to several school districts across the United States, resulting in the closure of all schools in the Los Angeles Unified School District. Despite The New York City Department of Education dismissed the e-mail as an obvious hoax, German authorities seized a hard drive that, according to the service admin, actually holds "all data" on the company. According to the service administrator Vincent Canfield, "SSL keys and private keys and f
Cryptoseal VPN Service shuts down over legal concerns after Lavabit case

Cryptoseal VPN Service shuts down over legal concerns after Lavabit case

Oct 23, 2013
Yet another American Internet privacy service has bitten the dust, prompted by fears about broad government surveillance demands. CryptoSeal, a Virtual private network (VPN) based in California has decided to shutter its privacy-conscious service rather than hand over its encryption keys to the U.S. Government. VPNs are secure tunnels to the Internet that allow users to mask their location, defeat regional restrictions, stay safe over public Wi-Fi connections, and maintain at least a modicum of privacy online. CryptoSeal is the latest company to voluntarily shut down its service after the U.S. Government's legal action against Lavabit, an email service used by former NSA contractor Edward Snowden. " With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated, " a notice reads on the company's website. " All cryptographic keys used in the operation of the service have been zerofilled...all records created incidental
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Oct 18, 2013
Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple's iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company's claim about iMessage protection by unbreakable encryption is just a lie, because the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages . Basically, when you send  an   iMessage to someone, you grab their public key from Apple, and encrypt your message using that public key. On the other end, recipients have their own private key that they use to decrypt this message. A third-party won't be able to see the actual message unless they have access to the private key. Trust and public keys always have a problem, but the  researchers noted that there's no evidence that Apple or
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
FBI demands SSL Keys from Secure-Email provider Lavabit in Espionage probe

FBI demands SSL Keys from Secure-Email provider Lavabit in Espionage probe

Oct 02, 2013
During the summer, The Secure email provider 'Lavabit' and preferred service for PRISM leaker  Edward Snowden  decided to shut down after 10 years to avoid being complicit in crimes against the American people. The U.S. Government obtained a secret court order demanding private SSL key from Lavabit, which would have allowed the FBI to wiretap the service's users, according to Wired . Ladar Levison, 32, has spent ten years building encrypted email service Lavabit , attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Ladar received the court orders to comply, intended to trace the Internet IP address of a particular Lavabit user, but he refused to do so. The offenses under investigation are listed as violations of the Espionage Act and Founder was ordered to record and provide the connection information on one of its users every time that user logged in to check his e-mail. The Government complai
Cybersecurity Resources