Companies currently deploying Cyberoam deep packet inspection devices could be at risk due to an intercept flaw, according to a pair of researchers, but the UTM vendor refutes the claim.
We've recently been witnessing tremendous change in perspective when it comes to IT security and the shroud of embarrassment associated with breaches has been lifting.
The company responsible for ensuring that users reach the website they intend to reach admitted in an SEC filing that its network was breached numerous times in 2010.
GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.
In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.
Cyber Monday, the digital equivalent of the brick-and-mortar world's Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats.
Netherlands-based KPN Corporate Market, a major telecommunications firm, has decided to exercise caution after uncovering a possible web server breach.
Amazon's Silk browser, used on the newly announced Kindle Fire tablet, has raised privacy concerns because it directs all traffic through its EC2 cloud service.
DigiNotar, the Dutch-based certificate authority that issued hundreds of counterfeit SSL certificates, is no more.
Are we seeing the decline and fall of SSL and the Certificate Authority model?
Apple, Mozilla and Adobe are the latest technology companies to respond to the DigiNotar breach.
Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be back fully operating on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.
Browser manufacturers and the Dutch government are acting quickly to contain the breach at certificate authority DigiNotar. The incident, meanwhile, has prompted calls for a system overhaul.
Like Comodo before it, the certificate authority DigiNotar said its infrastructure was breached, allowing adversaries to create fraudulent SSL certificates.
Researchers have confirmed that for the second time in less than six months, a provider of SSL certificates has issued a phony credential for Google.com.
Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.
Apple released a number of security updates for Mac OS X, Safari and iOS.
Most Facebook app developers are making session hijacking too easy for the cybercriminals.
Comodo has confirmed that two additional registration authorities affiliated with the company also were compromised in a highly publicized SSL certificate fraud attack disclosed last week.
A lone Iranian hacker claimed responsibility over the weekend for an attack on Comodo, a company that issues digital SSL certificates used by websites to validate their identity to visitors.
Reactions are running rampant after Comodo revealed it was tricked into issuing rogue digital certificates.
An advisory warned of nine fraudulent digital certificates issued by Comodo that could have been used to impersonate some of the world's highest-profile websites.
Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.
Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.
A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.
Two researchers at the Black Hat conference in Las Vegas on Thursday exposed 24 ways hackers can hijack seemingly secure browser sessions.
VeriSign and rival Comodo are at odds over whether the process by which users can access VeriSign SSL customer accounts constitutes a vulnerability.
Google on Friday announced that it has rolled out a new privacy and security option for users to run encrypted searches. The new service, available at https://www.google.com, utilizes https encryption, commonly used to protect banking and e-commerce sites, to create a secure connection between a user's browser and Google throughout their entire search session. The secure channel will help protect search terms and results pages from being intercepted by a third party, Google said. The service, currently in beta, includes a modified Google logo to indicate SSL encryption is being used. — AM