So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]
Cryptography
Dell Backdoor Root Cert – What You Need To Know
So a few days ago the Internet exploded with chatter about a Dell backdoor root cert AKA a rogue root CA, almost exactly like what happened with Lenovo and Superfish. It started with this Reddit thread – Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish in the Technology […]
ISIS Running 24-Hour Terrorist Crypto Help-desk
There have been multiple mentioned of ISIS using encryption and ‘encrypted messaging systems’ in the news reports since the Paris incident, it turns out they mostly mean Telegram. Which we’ve only mentioned once before, when they got pounded by an epic DDoS attack. Now it turns out, ISIS has a whole help desk infrastructure set-up […]
KeeFarce – Extract KeePass Passwords (2.x) From Database
KeeFarce allows you to extract KeePass passwords (2.x) by using DLL injection to execute code and retrieve the database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData%. KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# […]
ProtonMail DDoS Attack – Sustained & Sophisticated
So the ProtonMail DDoS Attack – if you’re not familiar ProtonMail is an secure, free, encrypted e-mail service that promises absolutely no compromises. It’s been getting hit hard since November 3rd, with a large scale rather sophisticated set of DDoS attacks rendering it unable to receive or send e-mail. It seems to have mitigated the […]