The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: SSL encryption

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

January 21, 2017Mohit Kumar
Texas-based Encrypted Email Service ' Lavabit ,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails , is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts. Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancin
OpenSSL Releases Patch For "High" Severity Vulnerability

OpenSSL Releases Patch For "High" Severity Vulnerability

November 10, 2016Mohit Kumar
As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software. The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites. The vulnerability, reported by Robert Święcki of the Google Security Team on September 25, can lead to DoS attack by corrupting larger payloads, resulting in a crash of OpenSSL. The severity of the flaw is rated "High" and does not affect OpenSSL versions prior to 1.1.0. However, the OpenSSL team reports there is no evidence that the flaw is exploitable beyond a DoS attack. The OpenSSL project also patches a moderate severity flaw (CVE-2016-7053) that can cause applications to crash. "Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0
How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

April 11, 2016Mohit Kumar
Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive information and communication, as well as authenticate systems and Internet users. The Online Privacy relies heavily on SSL/TLS Certificates and encryption keys to protect millions of websites and applications. As explained in our  previous article on The Hacker News , the current Digital Certificate Management system and trusted Certificate Authorities (CAs) are not enough to prevent misuse of SSL certificates on the internet. In short, there are hundreds of Certificate Authorities, trusted by your web browsers and operating systems, that has the ability to issue certificates for any domain, despite the fact you already have one purchased from another CA. An improper
What is Certificate Transparency? How It helps Detect Fake SSL Certificates

What is Certificate Transparency? How It helps Detect Fake SSL Certificates

April 11, 2016Swati Khandelwal
Do you know there is a huge encryption backdoor still exists on the Internet that most people don't know about? I am talking about the traditional Digital Certificate Management System … the weakest link, which is completely based on trust, and it has already been broken several times. To ensure the confidentiality and integrity of their personal data, billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe. In this article I am going to explain: The structural flaw in current Digital Certificate Management system. Why Certificate Authorities (CA) have lost the Trust. How Certificate Transparency (CT) fixes issues in the SSL certificate system. How to early detect every SSL Certificates issued for your Domain, legitimate or rogue? First, you need to know Certificate Authority and its role: Certificate Authority and its Role A Certificate Authority (CA) is a third-party organization that acts as a centr
SSL Encryption — Securing Internet of Things (IoT)

SSL Encryption — Securing Internet of Things (IoT)

August 06, 2015Khyati Jain
Internet of Things (IoT) with the purpose of providing convenience to the users enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and putting them all together on a standardised network is a common Internet of Things (IoT) practice. Is Internet of Things Secure? In my previous articles, I gave you a glance of the most vulnerable smart cities that are increasingly adopting devices connected to the Internet in an attempt to add convenience and ease to daily activities. By 2020, there will be more than 45 Billion Internet-connected devices that will transform the way we live and work. The bottom line: As the number of IoT enabled systems increases, the complexity of handling them increases; leading to an introduction of new risk and vulnerabilities associated with them. Security of Internet of
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.