The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: ssl certificate checker

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

April 25, 2015Mohit Kumar
A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks . AFNetworking is a popular open-source code library that lets developers drop networking capabilities into their iOS and OS X products. But, it fails to check the domain name for which the SSL certificate has been issued. Any Apple iOS application that uses AFNetworking version prior to the latest version 2.5.3 may be vulnerable to the flaw that could allow hackers to steal or tamper data, even if the app protected by the SSL (secure sockets layer) protocol . Use any SSL Certificate to decrypt users' sensitive data: An attacker could use any valid SSL certificate for any domain name in order to exploit the vulnerability, as long as the certificate issued by a trusted certificate authority (CA) that’s something you can buy for $50. " This meant that a coffee sh
Let’s Encrypt  — A Certificate Authority to Provide Free SSL Certificates for Entire Web

Let’s Encrypt — A Certificate Authority to Provide Free SSL Certificates for Entire Web

November 19, 2014Swati Khandelwal
As days are passing, encryptio n is becoming a need for every user sitting online. Many tech giants including Google, Apple and Yahoo! are adopting encryption to serve its users security and privacy at its best, but according to Electronic Frontier Foundation (EFF) , the high-tech Web security should not be limited to the wealthiest technology firms. The non-profit foundation EFF has partnered with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the internet at the beginning of 2015, in order to encourage people to encrypt users’ connections to their websites. Until now, switching web server over to HTTPS from HTTP is something of a hassle and expense for website operators and notoriously hard to install and maintain it. But, after the launch of this new free certificate authority (CA), called Let's Encrypt , it will be even more easy for people to run encrypted, secure HTTPS websites.
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.