VB Migration

Tag: https

  • $150k in cryptocurrency stolen through combined BGP-DNS hijack

    If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP hijacks – in which a malicious attacker essentially takes over one or more ranges of IP addresses – are not extremely common, but for a protocol…

  • $150k in cryptocurrency stolen through combined BGP-DNS hijack

    If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP hijacks – in which a malicious attacker essentially takes over one or more ranges of IP addresses – are not extremely common, but for a protocol…

  • Transparency is essential when monitoring your users’ activities

    The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of secure connections, while others argue that it is essential if one wants to block malicious network traffic, which is increasingly using HTTPS. I tend to side…

  • Transparency is essential when monitoring your users’ activities

    The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of secure connections, while others argue that it is essential if one wants to block malicious network traffic, which is increasingly using HTTPS. I tend to side…

  • VB2017 Small Talk: The encryption vs. inspection debate

    We all know that security often gets in the way of convenience, but sometimes security even gets in the way of security. This is the case, for example, when a decision needs to be made on whether to break an encrypted HTTP connection in order to inspect it for malicious content. HTTPS allows for this to…

  • VB2017 Small Talk: The encryption vs. inspection debate

    We all know that security often gets in the way of convenience, but sometimes security even gets in the way of security. This is the case, for example, when a decision needs to be made on whether to break an encrypted HTTP connection in order to inspect it for malicious content. HTTPS allows for this to…

  • Security products and HTTPS: let’s do it better

    It is one of the most hotly discussed topics in the security community: is it acceptable for a security product to intercept encrypted HTTP communication (HTTPS) to analyse its content? First, those who are against the practice point out that it breaks the end-to-end principle of HTTPS. This is obviously true, but misses an important…

  • Security products and HTTPS: let’s do it better

    It is one of the most hotly discussed topics in the security community: is it acceptable for a security product to intercept encrypted HTTP communication (HTTPS) to analyse its content? First, those who are against the practice point out that it breaks the end-to-end principle of HTTPS. This is obviously true, but misses an important…

  • Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

    ‘Logjam’ attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange protocol is deployed and have demonstrated an attack (dubbed ‘ Logjam ‘) that exploits these vulnerabilities. Diffie-Hellman is used by two entities (typically referred to as Alice…

  • FREAK attack takes HTTPS connections back to 1990s security

    Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a ‘Hello’ message in which it announces which cipher suites it supports. The web server then chooses one, presumably the one that offers the…