Posts Tagged ‘SSL’

SSL certificates

Google has announced that it is strengthening all SSL encryption certificates. Developers are starting to use 2048-bit encryption.

The new standard will be rolled out gradually. Google will start using the new certificates in August and promises to complete the transition by the end of 2013.

In most cases and for most users, the transition to another technology will hardly be noticed. But hackers will have to work harder because the transmitted data will be much more difficult to decipher.

“We are starting to move to the new 2048-bit certificates from August 1, 2013, to provide sufficient time to move all of our products to the new standard by the end of the year. We are also changing the root certificate, because it used 1024-bit encryption,” explains Google. (more…)

Vulnerability

SSL implementation flaws

Researchers have discovered an incorrect implementation of SSL encryption that allows for an attack on a huge number of applications and services provided by PayPal, Amazon, Microsoft, Google and Yahoo.

A team of researchers from the University of Texas at Austin and Stanford published a study of the reliability of SSL certificate validation mechanisms in “non-browser” software on Linux, Windows, Android and iOS. The subject of the study was the SSL validation implementations in various software and in the APIs based on it. The attack vector chosen was the “man in the middle” (MitM) attack.

The main objective of SSL is to provide mechanisms that protect the end user from “man in the middle” attacks. Even if the network is fully compromised (the DNS cache is poisoned; access points, routers, etc. are controlled by an attacker), SSL is required to ensure the confidentiality, authenticity and integrity of data between the client and the server. (more…)

SSL errors

Staff at two German universities found that 17% of Android apps that use SSL can be exploited with a “man in the middle” attack.

Employees of Leibniz University in Hannover and Philipps University examined some 13,000 applications and found errors in the implementation of the SSL protocol in more than 1,000 of them.

In the study, researchers found that 17% of all applications that use SSL contain errors that allow an attacker to carry out a “man in the middle” attack. The study’s authors said they had managed to obtain credentials for services such as American Express, Diners Club, PayPal, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, IBM Sametime, and various email services, and bank accounts.

The researchers also found SSL problems in mobile antivirus software: “We have managed to build virus signatures in the antivirus application and get it to recognize any application as a virus, and to fully disable antivirus protection.” (more…)

Wi-Fi

Research carried out by Sophos shows that 8% of the more than 100,000 Wi-Fi access points registered in the center of London do not use encryption, and 19% use WEP encryption. According to the researchers, the fact that many Wi-Fi networks in London use the fairly old WEP encryption technology can be explained by the fact that quite a number of Internet users are using older Wi-Fi routers that do not support more modern encryption technology.

Most experts say that the root of the problem lies in the fact that the majority of Internet users keep their existing equipment on an “it works fine” basis, often replacing it only when it is beyond repair. (more…)