#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

RC4 encryption attack | Breaking Cybersecurity News | The Hacker News

Category — RC4 encryption attack
Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

Sep 19, 2015
It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication...
How to Crack RC4 Encryption in WPA-TKIP and TLS

How to Crack RC4 Encryption in WPA-TKIP and TLS

Jul 17, 2015
Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 (Rivest Cipher 4) is still the most widely used cryptographic cipher implemented in many popular protocols, including: SSL (Secure Socket Layer) TLS (Transport Layer Security) WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) Microsoft's RDP (Remote Desktop Protocol) BitTorrent and many more However, weaknesses in the algorithm have been found over the years, indicating that the RC4 needs to be wiped from the Internet. But, yet about 50% of all TLS traffic is currently protected using the RC4 encryption algorithm. Now, the situation got even worse, when two Belgian security researchers demonstrated a more practical attack against RC4, allowing an attacker to subsequently expose encrypted information in a much shorter amount of time t...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Jan 16, 2025Identity Protection / SaaS Security
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks . (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as little as $10 (Source: Verizon). Something doesn't add up. So, what's going on? In this article, we'll cover: What's contributing to the huge rise in account compromises linked to stolen creds and why existing approaches aren't working.  The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives. Recommendations for security teams to stop attackers from using stolen creds to achieve account takeover. Stolen credential-based attacks are on the rise There's clear evidence that identity attacks are now the #1 cyber threat f...
Expert Insights / Articles Videos
Cybersecurity Resources