Tag: tls
-
1 in 500 secure connections use forged certificate
For reasons ranging from relatively good, to actual malware. Researchers from Facebook and Carnegie Mellon University have published a paper ( PDF ) in which they show that out of a sample of over 3 million secure connections to Facebook , 0.2% used a forged SSL certificate. SSL and its successor TLS are encryption protocols…
-
OpenSSL vulnerability lets attackers quietly steal servers’ private keys
Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators: CVE-2014-0160 allows an attacker to read the memory of a vulnerable server and thus obtain private encryption keys, passwords and other kinds of sensitive information. OpenSSL is a widely used open-source implementation…