#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

TLS handshake | Breaking Cybersecurity News | The Hacker News

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

Sep 10, 2020
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed " Raccoon Attack ," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used for secure communications between two parties. "The root cause for this side channel is that the TLS standard encourages non-constant-time processing of the DH secret," the researchers explained their findings in a paper. "If the server reuses ephemeral keys, this side channel may allow an attacker to recover the premaster secret by solving an instance of the Hidden Number Problem." However, the academics stated that the vulnerability is hard to exploit and relies on very precise timing measurements and on a specific server configuration to be exploitable.
Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security

Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security

Aug 07, 2018
Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make the web a more secure place, forcing website administrators to switch to HTTPS. TLS 1.3 is the newest and most secure cryptographic protocol of the Transportation Layer Security (TLS), the successor to Secure Sockets Layer (SSL), which encrypts data in transit between clients and servers to prevent data theft or tampering. To make internet traffic more secure, TLS 1.3 incorporates several new features like encrypting handshake messages to keep certificates private, redesigning the way secret keys are derived, and a zero round-trip (0-RTT) connection setup, making certain requests faster than TLS 1.2. Written in C++ 14, Fizz is a reliable and highly performant TLS library that
Critical GnuTLS Flaw Leaves SSL Clients Vulnerable to Remote Code Execution

Critical GnuTLS Flaw Leaves SSL Clients Vulnerable to Remote Code Execution

Jun 04, 2014
GnuTLS, a widely used open source SSL/TLS cryptographic library is vulnerable to a buffer overflow vulnerability that could be exploited to crash TLS clients or potentially execute malicious code on underlying systems. The GnuTLS library implements secure sockets layer (SSL) and transport layer security (TLS) protocols on computers, servers, and softwares to provide encrypted communications over insecure channels. The bug ( CVE-2014-3466 ) was independently discovered by Joonas Kuorilehto of security firm Codenomicon, the same security firm who discovered the biggest Internet vulnerability, Heartbleed. Unlike Heartbleed, the GnuTLS library is not as widely deployed as OpenSSL. The GnuTLS Vulnerability resides in the way GnuTLS parses the session ID from the server response during a TLS handshake. It does not check the length of session ID value in the ServerHello message, which allows a malicious server to send an excessively long value in order to execute buffer overf
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

May 15, 2024Enterprise Security / Cloud Computing
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource
Cybersecurity
Expert Insights
Cybersecurity Resources