#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

SSL encryption | Breaking Cybersecurity News | The Hacker News

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Jan 21, 2017
Texas-based Encrypted Email Service ' Lavabit ,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails , is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts. Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancin
OpenSSL Releases Patch For "High" Severity Vulnerability

OpenSSL Releases Patch For "High" Severity Vulnerability

Nov 10, 2016
As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software. The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites. The vulnerability, reported by Robert Święcki of the Google Security Team on September 25, can lead to DoS attack by corrupting larger payloads, resulting in a crash of OpenSSL. The severity of the flaw is rated "High" and does not affect OpenSSL versions prior to 1.1.0. However, the OpenSSL team reports there is no evidence that the flaw is exploitable beyond a DoS attack. The OpenSSL project also patches a moderate severity flaw (CVE-2016-7053) that can cause applications to crash. "Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0
How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

Apr 11, 2016
Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive information and communication, as well as authenticate systems and Internet users. The Online Privacy relies heavily on SSL/TLS Certificates and encryption keys to protect millions of websites and applications. As explained in our  previous article on The Hacker News , the current Digital Certificate Management system and trusted Certificate Authorities (CAs) are not enough to prevent misuse of SSL certificates on the internet. In short, there are hundreds of Certificate Authorities, trusted by your web browsers and operating systems, that has the ability to issue certificates for any domain, despite the fact you already have one purchased from another CA. An improper
cyber security

Webinar: How to streamline security reviews with Trust Center

websiteVantaCompliance / Security Audit
Learn how Vanta Trust Center can help provide real-time evidence for passing controls and automate responses to security questionnaires.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
What is Certificate Transparency? How It helps Detect Fake SSL Certificates

What is Certificate Transparency? How It helps Detect Fake SSL Certificates

Apr 11, 2016
Do you know there is a huge encryption backdoor still exists on the Internet that most people don't know about? I am talking about the traditional Digital Certificate Management System … the weakest link, which is completely based on trust, and it has already been broken several times. To ensure the confidentiality and integrity of their personal data, billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe. In this article I am going to explain: The structural flaw in current Digital Certificate Management system. Why Certificate Authorities (CA) have lost the Trust. How Certificate Transparency (CT) fixes issues in the SSL certificate system. How to early detect every SSL Certificates issued for your Domain, legitimate or rogue? First, you need to know Certificate Authority and its role: Certificate Authority and its Role A Certificate Authority (CA) is a third-party organization that acts as a centr
SSL Encryption — Securing Internet of Things (IoT)

SSL Encryption — Securing Internet of Things (IoT)

Aug 06, 2015
Internet of Things (IoT) with the purpose of providing convenience to the users enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and putting them all together on a standardised network is a common Internet of Things (IoT) practice. Is Internet of Things Secure? In my previous articles, I gave you a glance of the most vulnerable smart cities that are increasingly adopting devices connected to the Internet in an attempt to add convenience and ease to daily activities. By 2020, there will be more than 45 Billion Internet-connected devices that will transform the way we live and work. The bottom line: As the number of IoT enabled systems increases, the complexity of handling them increases; leading to an introduction of new risk and vulnerabilities associated with them. Security of Internet of
Cybersecurity
Expert Insights
Cybersecurity Resources