SSL/TLS

Pierluigi Paganini March 11, 2015
Apple and Microsoft released updates to fix the FREAK flaw

Microsoft and Apple released security updates to fix the FREAK vulnerability recently discovered and affecting their products. FREAK is a major security flaw recently discovered that left users of Apple and Google devices exposed to MITM attack while visiting supposedly secure Websites. At the same time Microsoft issued a specific security advisory to inform its […]

Pierluigi Paganini March 07, 2015
Just $104 to exploit the FREAK flaw and hit the NSA website

Researchers hack NSA’s website with only $104 and 8 hours of Amazon’s cloud computing power using the #FREAK vulnerability A team of researchers demonstrated that it is possible to exploit the FREAK vulnerability to hack the official NSA website by using 8 hours of Amazon’s cloud computing power and spending only $104. The researcher made […]

Pierluigi Paganini March 06, 2015
All Windows systems are vulnerable to the FREAK attack

According to a security advisory published by Microsoft all supported versions of Windows are affected by the recently discovered FREAK vulnerability FREAK is major security SSL/TLS vulnerability recently discovered that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of legitimate and secure websites. The critical […]

Pierluigi Paganini March 06, 2015
Time to make you secure from FREAK Vulnerability

FREAK, a new major security flaw that left users of Apple and Google devices exposed to MITM attack while visiting supposedly secure Websites. Few days back security researchers group (named as SMACK ) made everyone aware of a new SSL/TLS vulnerability, termed as FREAK (CVE-2015-0204). FREAK stands for Factoring Attack on RSA-EXPORT Keys. After POODLE, it […]

Pierluigi Paganini March 04, 2015
FREAK, the new vulnerability that threatens the IT industry

FREAK, a new major security flaw that left users of Apple and Google devices exposed to MITM attack while visiting supposedly secure Websites. IT industry is facing with a new major security SSL/TLS vulnerability that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of […]

Pierluigi Paganini March 05, 2014
GnuTLS flaw in certificate verification exposes Linux world to attacks

A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes. GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop,  all Debian and Ubuntu Linux distributions and many […]

Pierluigi Paganini February 27, 2014
FireEye discovered an Apple vulnerability which allows iOS keylogging

Researchers at FireEye have developed a POC that exploits an Apple vulnerability to implement a Background Monitoring on Non-Jailbroken iOS 7 Devices. A vulnerability in Apple products is once again the center of controversy because and also in this case the user’s privacy is at risk. The excellent team of security researchers at FireEye discovered another […]

Pierluigi Paganini February 24, 2014
Apple restores certificate validation checks mysteriously missed

Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time. Last week Apple released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network  to capture or modify […]