encryption

Pierluigi Paganini April 30, 2014
AOL suffered a massive Data Breach

AOL Inc. confirms security breach, email accounts of a significant number users may have been exposed, no financial data has been stolen. AOL Inc. last Monday has confirmed with an official  blog post that the company suffered a massive data breach which may have compromised the email accounts of a significant number users, for this reason it is suggested to the clients of […]

Pierluigi Paganini April 30, 2014
Skype stores all application data in a local database in plain text

Romanian Researcher discovered that Skype application store sensitive User Data Unencrypted on a local database. A Romanian programmer at Hackyard Security Group, Dragoş Gaftoneanu, revealed through a  blog post that the popular VOIP application Skype leaves its local database unencrypted. Unfortunately the problem is very common, many applications, especially mobile apps, don’t encrypt application data exposing user’s information to serious risks for their privacy.  According Gaftoneanu, […]

Pierluigi Paganini April 24, 2014
NIST removes Dual_EC_DRBG algorithm from Draft Guidance suggesting to abandon it

The NIST announced it will request final public comments before Dual_EC_DRBG generator is officially removed from NIST Special Publication 800-90A, Rev.1 The National Institute of Standards has decided to abandon Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG ) in response to the controversy raised after the revelation made by Edward Snowden. In December the whistleblower leaked […]

Pierluigi Paganini April 22, 2014
Certificate revocation checks aren’t efficient against Heartbleed

Security researcher Adam Langley of Google explained the real efficiency of revocation checking in response to OpenSSL heartbeat bug. The Heartbleed bug is a source of great concern for IT industry, every day we discover that the flaw in the OpenSSL library has had a significant impact on Servers, on the mobile industry and on the anonymity […]

Pierluigi Paganini April 20, 2014
Mandiant uncovered Heartbleed based attacks to Hijack VPN sessions

Security experts at Mandiant uncovered attackers exploiting the Heartbleed vulnerability to circumvent Multi-factor Authentication on VPNs. We have practically read everything about HeartBleed bug which affects OpenSSL library, we have seen the effects on servers, on mobile devices and also on Tor anonymity,  now lets focus on the possibility to exploit it to hijack VPN […]

Pierluigi Paganini April 18, 2014
The impact of the HeartBleed Bug on Tor Anonymity

The presence of nearly 380 servers in the Tor Network, 12 percent of the exit capacity, running the vulnerable version of OpenSSL could have compromised user’s anonymity. The Heartbleed bug is the flaw in the popular OpenSSL library that is scaring the security communities, many security experts hiphotesized that Intelligence agencies, including NSA, have exploited the bug to spy on […]

Pierluigi Paganini April 14, 2014
How many mobile Users could be affected by Heartbleed flaw?

Heartbleed is the security flaw that is scaring IT industry, which is its impact on the mobile worlds? How many Smartphone Users could be affected? Heartbleed flaw is the argument that most of all is capturing the attention of the media in this period,  billions of users worldwide have been impacted, there are thousands solutions affected […]

Pierluigi Paganini April 13, 2014
BlackBerry and CISCO products are affected by Heartbleed vulnerability

CISCO and BlackBerry started to evaluate the impact of Heartbleed vulnerability on their products … unfortunately,the list of affected solutions is long. So far we have discussed the Heartbleed vulnerability by not investigating which are the products on the market that really are suffering it. We realized that the Heartbleed vulnerability potentially allows any attacker to access […]

Pierluigi Paganini April 12, 2014
Heartbleed flaw was already exploited for cyber attacks by NSA

The US National Security Agency knew for at least two years about the Heartbleed flaw, and exploited it for cyber attacks according Bloomberg. The Internet community was shocked by the disclosure of the Heartbleed flaw, the vulnerability affects OpenSSL library and allows an attacker to reveal up to 64kB of memory to a connected client or […]

Pierluigi Paganini April 11, 2014
Statistics on the impact of Heartbleed on Select Top Level Domains

The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact. It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affect OpenSSL library that allows an attacker to reveal […]