HTTPS

Pierluigi Paganini October 24, 2015
How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]

Pierluigi Paganini September 09, 2015
Many HTTPs sites at risk of revealing their private keys because of a critical bug

A number of recent discoveries suggest as more HTTPs websites, chat applicationss, and other services online are actualizing perfect forward secrecy. As per a Red Hat (a Linux distributor) security specialist, system equipment sold by few makers neglected to appropriately execute a broadly utilized cryptographic standard, an information releasing weakness that can permit spammers to […]

Pierluigi Paganini July 16, 2015
The newest RC4 attack is a nightmare for certain HTTPS implementations

The newest RC4 attack is a nightmare for certain HTTPS implementations, almost a third of the world’s encrypted Web connections can be cracked. We have written several times about RC4 encryption that has been accused of being a Cryptographic disaster, now two Belgian security researchers from the University of Leuven did another discovery that highlights […]

Pierluigi Paganini May 03, 2015
Mozilla Fundation, a step toward to full HTTPS implementation

The Mozilla Foundation is starting the operations to phase the HTTP connections in the Firefox browser according to “encrypt the Web” movement. According to roadmap defined by the Mozilla Foundation, the organization has started the process to move toward full HTTPS enforcement in Firefox browser In November 2014 the Electronic Frontier Foundation (EFF) and other firms, […]

Pierluigi Paganini April 21, 2015
Google Ads will pass to be fully encrypted

Google is improving its services, last decision it related to the Ads, the company takes a step towards by deployeng “HTTPS Everywhere”. Another good step, coming from google involving encryption. As you may remember Google started to encrypt back in 2008, when Gmail started to use HTTPS. Since 2008, Google has done a remarkable work […]

Pierluigi Paganini September 29, 2014
SHA-1 has been deprecated, what can I do?

The SHA-1 cryptographic hash algorithm has been known vulnerable, Collision attacks against it are too affordable and attacks will get cheaper soon. Many websites today are using digital certificates signed using algorithms based on the hash algorithm called SHA-1. Hashing algorithms are used to ensure the integrity of the certificate in the signing processes, a flawed […]

Pierluigi Paganini September 10, 2014
The HTTPS Phishing Websites will double by the end of 2014

According to the investigation conducted by experts at TrendMicro the number of HTTPS phishing sites is increasing and it will double by the end of 2014. Google considers security a top priority for this reason the company is starting to use HTTPS as a ranking signal. The scope is to encourage the adoption of HTTPS, but the […]

Pierluigi Paganini June 19, 2014
LinkedIn vulnerable to MITM attack that leverages an SSL stripping could expose users data at risk

Security experts at Zimperium firm revealed that LinkedIn users could be potentially vulnerable to Man-in-the-Middle attacks leveraging an SSL stripping. A new research is scaring users of LinkedIn revealing that they could be potentially vulnerable to Man-in-the-Middle (MITM) attacks leveraging an SSL stripping. Despite the US security firm Zimperium reported the problem to LinkedIn more than a […]

Pierluigi Paganini March 21, 2014
For Google it is time to encrypt all GMail connections

Google has announced to have adopted encrypt mechanisms for all Gmail connections to reply to the increasing demand of privacy of Internet users. Google decided to encrypt all Gmail connections to reply to the increasing demand of privacy of Internet users, all the links between its data centers will be encrypted. The surveillance programs disclosed by documents leaked […]

Pierluigi Paganini May 25, 2013
Microsoft could intercept Skype conversation, is it true?

German researchers revealed that Microsoft is able to intercept Skype conversation for security reason. Which are risks to the users’ privacy? Microsoft intercept Skype conversations, the topic is at the center of a heated discussion. Before Microsoft acquisition the popular VOIP application was considered very secure and wiretap-proof, it was officially recognized that was impossible […]