The IETF, in RFC 7568, declared SSLv3 “not sufficiently secure” and prohibited its use. SSLv3 fallbacks were to blame for the POODLE and BEAST attacks.
Browsing Category: Cryptography
NIST has officially removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
Facebook has hired away the top security executive at Yahoo, Alex Stamos, to become the company’s new CSO. Stamos said Wednesday that he is joining Facebook because he believes the company is in the best position to address some of the large security challenges facing users and companies right now. “There is no company in[…]
Researchers at Tel Aviv University have developed a compact, untethered tool capable of extracting GnuPG crypto keys (RSA and ElGamal) from laptops.
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the[…]
Cloud-based password manager LastPass said its network has been breached and attackers stole personal information as well as salts and hashes.
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and has also added protection against the Logjam attack in new releases of the software.
SANS Institute reports that Cryptowall 3.0 ransomware infections emanating from the Angler Exploit Kit are on the rise, and coincide with a spike from malicious spam campaigns.
Microsoft announced it has added HTTP Strict Transport Security (HSTS) to Internet Explorer 11 on Windows 8.1 and Windows 7, in addition to its native inclusion in Microsoft Edge on Windows 10.