Mike Mimoso and Chris Brook discuss the news of the week including internet-connected teddy bears, the latest on the Going Dark debate, and whether or not there’s a backdoor in Socat. They also preview next week’s Security Analyst Summit in Tenerife, Spain.
Socat published a security advisory warning users that a hard-coded 1024-bit Diffie-Hellman prime number was not prime, and that an attacker could listen and recover secrets from a key exchange.
While the government still covets exceptional access to encrypted data, a Harvard paper says that plenty of surveillance opportunities remain, especially with the Internet of Things, metadata and more.
The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity.
OpenSSL announced that it will release updates for 1.0.2f and 1.0.1r that patch two high-severity vulnerabilities.
OpenSSH patched a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys.
Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored.
Mozilla warns Firefox users that the browser’s rejection of new SHA-1 certificates is keeping some users behind security scanners and antivirus software from reaching HTTPS sites.
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
Researchers at Synacktiv have disclosed a vulnerability in the Cisco Jabber Client for various platforms that exposes devices to man-in-the-middle attacks.