Government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls.
Browsing Tag: Encryption
OpenSSL announced that it will release updates for 1.0.2f and 1.0.1r that patch two high-severity vulnerabilities.
Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored.
Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium.
Mozilla warns Firefox users that the browser’s rejection of new SHA-1 certificates is keeping some users behind security scanners and antivirus software from reaching HTTPS sites.
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
Government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely.
Researchers at Synacktiv have disclosed a vulnerability in the Cisco Jabber Client for various platforms that exposes devices to man-in-the-middle attacks.
Crypto and security experts digging into the Juniper backdoor have determined that attackers have subverted an alleged NSA backdoor in the Dual_EC_DRBG algorithm used in NetScreen firewalls.
Despite recently public concerns over the sunsetting of SHA-1, Google announced it will block new SHA-1 certs in Chrome as of Jan. 1, and all SHA-1 certs possibly by July 1, 2016.