Tag Archives: mitm

LogJam, FREAK’s Ugly Cousin

Posted on May 22, 2015 by Carmelo

A new encryption attack, called LogJam, has emerged that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services. A man-in-the-middle … Continue reading →

Posted in Security Blog | Tagged 2015, Diffie-Hellman, FREAK, LogJam, man-in-the-middle, mitm | Comments Off

Single and Vulnerable… By the Millions

Posted on April 17, 2015 by Carmelo

Visitors and members of Match.com are vulnerable to plaintext sniffing from a man-in-the-middle attack. Their https, redirects to http then logins are passed in the clear. Completely readable to those on the same network. Read more here.

Posted in Security Blog | Tagged 2015, man-in-the-middle, mitm, passwords, privacy | Comments Off

Windows Vulnerable to FREAK

Posted on March 6, 2015 by Carmelo

Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in schannel (secure channel), where an attacker can force a downgrade in the SSL and then perform a man-in-the-middle attack. I last reported that FREAK only … Continue reading →

Posted in Security Blog | Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, Microsoft Windows, mitm, openssl, rsa, ssl, tls, vulnerability | Comments Off

Factoring attack on RSA-EXPORT Keys (FREAK)

Posted on March 4, 2015 by Carmelo

Researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The ssl3_get_key_exchange function … Continue reading →

Posted in Security Blog | Tagged 2015, Apple iPhone, FREAK, Google Android, man-in-the-middle, mitm, openssl, rsa, ssl, tls, vulnerability | Comments Off

Lenovo Superfish

Posted on February 19, 2015 by Carmelo

Superfish is pre-installed Lenovo adware (thanks Lenovo!), which is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks. Superfish intercepts HTTPS connections. Security … Continue reading →

Posted in Security Blog | Tagged 2015, adware, certificate management, certificates, https, lenovo, man-in-the-middle, mitm, verisign | Comments Off

Progressive Insurance’s Snapshot Can be Used to Control Vehicles

Posted on January 19, 2015 by Carmelo

2,000,000 vehicles already have the Progressive Snapshot plugged into them via the OnBoardDiagnostic(OBD)-II Port. Digital Bond Labs described at a security conference last week how the Snapshot could be used to hack into some vehicles’ onboard networks. Testing was limited … Continue reading →

Posted in Security Blog | Tagged 2015, car hacking, Flo, mitm, Progressive Insurance, Snapshot, zombie | Comments Off

POODLE attack through TLS

Posted on December 11, 2014 by Carmelo

POODLE = Padding Oracle On Downgraded Legacy Encryption Once upon a time, in October, I wrote about SSL POODLE, a flaw in how browsers handle encryption; by negotiating down to SSL 3.0, attackers can alter padding data at the end … Continue reading →

Posted in Security Blog | Tagged 2014, eavesdropping, man-in-the-middle, mitm, Padding Oracle On Downgraded Legacy Encryption, POODLE, ssl, tls | Comments Off

The Raspberry Pi: Impact on Hacking

Posted on November 16, 2014 by Carmelo

So, this video is a little old, but very relevant. Sure the Raspberry Pi has been available for some time now, but has the awareness about them spread out of IT and into the minds of the business leaders? Are … Continue reading →

Posted in Security Blog | Tagged 2014, hacking, kali, mitm, pwnpi, raspberry pi, Security Awareness, sniffing | Comments Off

Brain-to-Brain Communication Over the Internet

Posted on November 6, 2014 by Carmelo

Wow, that’s cool! I would like to coin the phrase “Cybernotic Suggestion” for when brain-to-brain communication over the Internet is subject to a man-in-the-middle attack and the receiving end of the mind comm. gets suggested brain waves.

Posted in Security Blog | Tagged 2014, brain-to-brain, communication, Cybernotic Suggestion, man-in-the-middle, mitm, Security Awareness | Comments Off

SSL 3.0 POODLE

Posted on October 14, 2014 by Carmelo

Google security researchers have disclosed a vulnerability in SSL 3.0 that allows attackers to determine the plaintext of secure connections. Attackers can use the flaw to trigger network faults to push browsers back to the 15 year-old platform. POODLE is … Continue reading →

Posted in Security Blog | Tagged 2014, Google, man-in-the-middle, mitm, openssl, Padding Oracle On Legacy Downgraded Encryption, POODLE, ssl, tls, v3, vulnerability, vulnerable websites | Comments Off

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Tag Archives: mitm

Share

Share

Share

Share

Share

Share

Share

Share

Share

Share

Blog Stats