November 2024 S M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Blog Stats
- 75,561 hits
Tag Archives: openssl
Windows Vulnerable to FREAK
Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in schannel (secure channel), where an attacker can force a downgrade in the SSL and then perform a man-in-the-middle attack. I last reported that FREAK only … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, Microsoft Windows, mitm, openssl, rsa, ssl, tls, vulnerability
Comments Off on Windows Vulnerable to FREAK
Factoring attack on RSA-EXPORT Keys (FREAK)
Researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The ssl3_get_key_exchange function … Continue reading
Posted in Security Blog
Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, mitm, openssl, rsa, ssl, tls, vulnerability
Comments Off on Factoring attack on RSA-EXPORT Keys (FREAK)
OpenSSL: 8 Bugs Fixed
First off, I’d like to explain what OpenSSL is! OpenSSL refers to the name of a 1998 project that was started to encrypt websites and user information across the Web. The “SSL” in “OpenSSL” refers to a Secure Sockets Layer … Continue reading
Posted in Security Blog
Tagged 2015, certificates, encryption, openssl, secure websites, ssl
Comments Off on OpenSSL: 8 Bugs Fixed
SSL 3.0 POODLE
Google security researchers have disclosed a vulnerability in SSL 3.0 that allows attackers to determine the plaintext of secure connections. Attackers can use the flaw to trigger network faults to push browsers back to the 15 year-old platform. POODLE is … Continue reading
Posted in Security Blog
Tagged 2014, Google, man-in-the-middle, mitm, openssl, Padding Oracle On Legacy Downgraded Encryption, POODLE, ssl, tls, v3, vulnerability, vulnerable websites
Comments Off on SSL 3.0 POODLE
Dr. Steven Bagley: Heartbleed Code
In this video, which I found through links on Facebook, Dr. Steven Bagley runs the Heartbleed code to show exactly how the exploit works. Also, here is a website that may give you some audit capabilities. http://www.garage4hackers.com/blog.php?b=2551
Posted in Security Blog
Tagged @computer_phile, 2014, Dr. Steven Bagley, Heartbleed, openssl
Comments Off on Dr. Steven Bagley: Heartbleed Code