The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits. Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way. However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a  small block cipher , what it calls "FNR" (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software. Sashank Dara , software engineer at the security technology group Cisco , says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditional

Hackers and cyber attacks are getting evil and worst nightmare for companies day-by-day. Just last week a group of hackers ruined the code-hosting and software collaboration platform, ' Code Spaces ' by destroying their Amazon cloud server, complete data and its backup files too. Recently, the largest ever and most severe Distributed Denial of Service (DDoS) attacks in the history of the Internet has been recorded that hit the online democracy poll promoting opinion on the upcoming Hong Kong elections. PopVote , an online mock election operated by The University of Hong Kong's Public Opinion Program, by Saturday recorded more than half a million votes in less than 30 hours in the unofficial referendum that provided permanent residents of Hong Kong to choose their preferred political representatives, that is suppose to be continued until June 29. However, the Chief Executive is officially chosen by a 1,200-member Election Committee under the current political system and drawn largel

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The open source encryption protocol, OpenSSL, which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data, came to everybody's attention following the Heartbleed vulnerability , a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. Now, the biggest Internet giant Google is launching a new fork of OpenSSL, which they dubbed as BoringSSL, developed by its own independent work with the code. " We have used a number of patches on top of OpenSSL for many years, " Adam Langley, a cryptography engineer and Google employee, wrote in a blog post introducing BoringSSL. " Some of them have been accepted into the main OpenSSL repository, but many of them don't mesh with OpenSSL's guarantee of API and ABI

Code Spaces , a code-hosting and software collaboration platform used by different organizations for project management and development needs, was forced to shut down operations after an attacker compromised its internal system and deleted its customer's data and backups as well. This is really a nightmare for the code-hosting company based in Coventry, UK that claimed to offer " Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management. " Codespaces.com homepage shows a lengthy explanation on the attack and an apology from its customer. " Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility, " read the note. " As such at this point in time we have no alternative but to cease trading and concentra

A Flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro, has left more than 30,000 servers vulnerable to hackers that could allow them to remotely compromise the management interface of unpatched servers. The vulnerability actually resides in the Baseboard Management Controller (BMC) in the WPCM450 line of chips incorporated into the motherboards. Security Researcher at CARInet Security Incident Response Team, discovered that Baseboard Management Controller (BMC) of Supermicro motherboards contain a binary file that stores remote login passwords in clear text and the file is available for download simply by connecting to the specific port, 49152. Baseboard Management Controller (BMC) is the central part of the microcontroller that resides on server motherboard or in the chassis of a blade server or telecom platform. The BMC links to a main processor and other onboard elements via a simple serial bus. Baseboard management contr