#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

RSA keys | Breaking Cybersecurity News | The Hacker News

Category — RSA keys
98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

Feb 06, 2014
The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not
Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Jan 16, 2014
Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ' Cunningham chains & bi-twin chains ' and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a very large number of Primes. Like
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Sep 13, 2024Device Security / Identity Management
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers
NSA will not stop spying on us, next move Quantum computer to break strongest Encryption

NSA will not stop spying on us, next move Quantum computer to break strongest Encryption

Jan 04, 2014
Image Credit: The guardian  If I say that  NSA (National Security Agency) will never stop spying on us then it won't be wrong. After the exposure of the large number of surveillance scandals including PRISM, DROPOUTJEEP, XKeyscore and many many more which are now publicly known as well as unknown, Will NSA ever stop Privacy  breach? Obviously ' NO' . That I can predict from another Snowden leak published by the Washington Post news website recently i.e. US National Security Agency (NSA) is trying to develop a futuristic super computer called ' Quantum computer'  that could be capable of breaking almost every kind of encryption on the computer used to protect banks, medical, business including top-secret information held by government around the world. The Project is specified as " Penetrating Hard Targets " in the document and is a part of $79.7 million research program. The Washington Post says that the research is being done at the University of Maryland
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

Dec 20, 2013
' RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis ', is an interesting paper recently published by Three Israeli Security Researchers at Tel Aviv University . They claimed that, they have successfully broken one of the most secure encryption algorithms, 4096-bit RSA , just by capturing Computer's CPU Sound while it runs decryption routines. Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer , uses a side channel attack and through a process called " acoustic cryptanalysis ", they successfully extracted 4096-bit RSA key From GnuPG. " We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away, " The paper specifies some possible implementations of this attack. Some email-client softwares i.e. Enigmail can automatically decrypt incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-
CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

Dec 06, 2013
It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi
Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

Aug 15, 2013
This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate
Expert Insights / Articles Videos
Cybersecurity Resources