Archive | Cryptography

Advertisements


18 June 2015 | 3,153 views

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple’s keychain […]

Continue Reading


21 May 2015 | 2,513 views

The Logjam Attack – ANOTHER Critical TLS Weakness

So it seems SSL/TLS has not been having a good time lately, alongside Heartbleed and POODLE we now have the Logjam attack. It’s somewhat similar to the FREAK attack earlier this year, but that attacked the RSA key exchange and was due to an implementation vulnerability rather than Logjam which attacks the Diffie-Hellman key exchange […]

Continue Reading


14 May 2015 | 1,189 views

BitTorrent Bleep – Encrypted, Decentralized Voice & Text App

So after running an open alpha for a while, BitTorrent Bleep is now finally public and official. The whole secure/transient messaging app/platform area is an interesting space, companies have come and gone, some have been compromised and some are still around (Snapchat, Poke, Wickr, Armortext etc). Bleep requires no personal info, just a nickname and […]

Continue Reading


02 April 2015 | 758 views

Google Revoking Trust In CNNIC Issued Certificates

So another digital certificate fiasco, once again involving China from CNNIC (no surprise there) – this time via Egypt. Google is going to remove all CNNIC and EV CAs from their products, probably with the next version of Chrome that gets pushed out. As of yet, no action has been taken by Firefox – or […]

Continue Reading


11 December 2014 | 1,403 views

Sony Digital Certs Being Used To Sign Malware

So at the end of November, Sony got owned, owned REAL bad – we wrote about it here: Sony Pictures Hacked – Employee Details & Movies Leaked. It seems in as a part of the massive haul of documents, the digital certificates used to sign software were also stolen. Which is bad, as you can […]

Continue Reading


27 November 2014 | 3,295 views

Bitcoin Not That Anonymous Afterall

One of the big advantages touted by Bitcoin (and other cryptocurrencies) was always the anonymity of the transactions, yes you can track a wallet address and see the transaction history. But there’s no real way to link that wallet address to a real person (so we thought). I mean other than any leaky fiat exchange […]

Continue Reading


13 November 2014 | 2,942 views

Microsoft Schannel Vulnerabilty – Patch It NOW

So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]

Continue Reading


16 October 2014 | 4,494 views

Everything You Need To Know About POODLE SSLv3 Vulnerability

So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability. Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy). Is it a huge risk? Not really as it doesn’t allow any type of remote […]

Continue Reading


23 September 2014 | 1,643 views

CloudFlare Introduces SSL Without Private Key

Handing over your private key to a cloud provider so they can terminate your SSL connections and you can work at scale has always been a fairly contentious issue, a necessary evil you may say. As if your private key gets compromised, it’s a big deal and without it (previously) there’s no way a cloud […]

Continue Reading


16 September 2014 | 6,833 views

StegExpose – Steganalysis Tool For Detecting Steganography In Images

StegExpose is a steganalysis tool specialized in detecting steganography in lossless images such as PNG and BMP (LSB – least significant bit type). It has a command line interface and is designed to analyse images in bulk while providing reporting capabilities and customization which is comprehensible for non forensic experts. Steganography is the art or […]

Continue Reading


Advertisements