December 2024 S M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Blog Stats
- 75,849 hits
Tag Archives: man-in-the-middle
LogJam, FREAK’s Ugly Cousin
A new encryption attack, called LogJam, has emerged that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services. A man-in-the-middle … Continue reading
Posted in Security Blog
Tagged 2015, Diffie-Hellman, FREAK, LogJam, man-in-the-middle, mitm
Comments Off on LogJam, FREAK’s Ugly Cousin
Single and Vulnerable… By the Millions
Visitors and members of Match.com are vulnerable to plaintext sniffing from a man-in-the-middle attack. Their https, redirects to http then logins are passed in the clear. Completely readable to those on the same network. Read more here.
Posted in Security Blog
Tagged 2015, man-in-the-middle, mitm, passwords, privacy
Comments Off on Single and Vulnerable… By the Millions
Windows Vulnerable to FREAK
Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in schannel (secure channel), where an attacker can force a downgrade in the SSL and then perform a man-in-the-middle attack. I last reported that FREAK only … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, Microsoft Windows, mitm, openssl, rsa, ssl, tls, vulnerability
Comments Off on Windows Vulnerable to FREAK
Factoring attack on RSA-EXPORT Keys (FREAK)
Researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The ssl3_get_key_exchange function … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, mitm, openssl, rsa, ssl, tls, vulnerability
Comments Off on Factoring attack on RSA-EXPORT Keys (FREAK)
Lenovo Superfish
Superfish is pre-installed Lenovo adware (thanks Lenovo!), which is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks. Superfish intercepts HTTPS connections. Security … Continue reading
Posted in Security Blog
Tagged 2015, adware, certificate management, certificates, https, lenovo, man-in-the-middle, mitm, verisign
Comments Off on Lenovo Superfish
Under 11 Minutes to Crack WiFi for 7 Year Old
Seven-year-old Betsy Davis, using only youtube videos for knowledge, was able to find out how to hack the controlled environment’s public WiFi. She set up a rogue access point for a Man-in-the-Middle (MitM) attack, which allowed her to steal data … Continue reading
Posted in Security Blog
Tagged 2015, 7 year old, Betsy Davis, hackers, hacking, kid hacker, man-in-the-middle, wifi
Comments Off on Under 11 Minutes to Crack WiFi for 7 Year Old
POODLE attack through TLS
POODLE = Padding Oracle On Downgraded Legacy Encryption Once upon a time, in October, I wrote about SSL POODLE, a flaw in how browsers handle encryption; by negotiating down to SSL 3.0, attackers can alter padding data at the end … Continue reading
Posted in Security Blog
Tagged 2014, eavesdropping, man-in-the-middle, mitm, Padding Oracle On Downgraded Legacy Encryption, POODLE, ssl, tls
Comments Off on POODLE attack through TLS
Brain-to-Brain Communication Over the Internet
Wow, that’s cool! I would like to coin the phrase “Cybernotic Suggestion” for when brain-to-brain communication over the Internet is subject to a man-in-the-middle attack and the receiving end of the mind comm. gets suggested brain waves.
Posted in Security Blog
Tagged 2014, brain-to-brain, communication, Cybernotic Suggestion, man-in-the-middle, mitm, Security Awareness
Comments Off on Brain-to-Brain Communication Over the Internet
SSL 3.0 POODLE
Google security researchers have disclosed a vulnerability in SSL 3.0 that allows attackers to determine the plaintext of secure connections. Attackers can use the flaw to trigger network faults to push browsers back to the 15 year-old platform. POODLE is … Continue reading
Posted in Security Blog
Tagged 2014, Google, man-in-the-middle, mitm, openssl, Padding Oracle On Legacy Downgraded Encryption, POODLE, ssl, tls, v3, vulnerability, vulnerable websites
Comments Off on SSL 3.0 POODLE