SSL

Pierluigi Paganini May 13, 2014
Who and how is using forged SSL certificates worldwide?

Who is abusing forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new technique to detect the abuse. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a technique for detecting man-in-the-middle attacks over SSL at large scale. They analyzed the data, extracting useful information, including the […]

Pierluigi Paganini February 22, 2014
WhatsApp lack enforcing certificate pinning, users exposed to MITM

Experts at Praetorian have been conducting Project Neptune to assess the security of the design and maintenance of mobile apps, including WhatsApp. This week the IT world was shocked by the acquisition of WhatsApp by Facebook; the popular mobile messaging service was sold for $19 billion, which is probably the value assigned to the information managed by […]

Pierluigi Paganini December 09, 2011
Top Nine cyber security trends for 2012? They are too few, isn’t it?

In this article I intend to read with you an interesting document, distributed by Imperva, in which they emphasize the main threats that could cause significant problems in the coming year. Please read the entire article carefully: first we discuss the nine threats that worry Imperva, then I will introduce the most dangerous threats from my point of view. Not a day goes by without hearing of cyber threats, risks and possible defense strategies. Governments but […]

Pierluigi Paganini December 03, 2011
Cybercrime, an industry that knows no crisis

In recent days I had the opportunity to read the results of a couple of surveys: the PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which has demonstrated that cybercrime has double-digit growth and is today the third biggest crime threat in UK businesses, behind asset theft crimes, fraud and corruption; and the Norton Cybercrime Report: The Human Impact, a groundbreaking study […]

Pierluigi Paganini November 08, 2011
SSL replacement? Convergence for replacing CA … Maybe

After the DigiNotar case, another certification authority, the Dutch KPN, has released a statement announcing the termination of its service following the discovery that it had been compromised. KPN stopped issuing certificates after a DDoS tool was detected on a server during an audit. First investigations have shown that the CA was attacked four years ago. What is really scary about the KPN story is that the same company, even before being a CA, is a state telephone company, and this opens up frightening scenarios on the security […]