Master passwords and flawed standards implementations allow attackers to access encrypted data without having to know the user’s password Researchers in digital forensics and cybersecurity based in the Netherlands revealed the presence of vulnerabilities in some solid state drives (SSD) that allow an attacker to bypass the disk encryption function and access local data without knowing the […]
testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) […]
CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character […]
The group threatens to take legal action Five Eyes alliance member countries have threatened to implement legislation if technology providers do not cooperate with authorities to break end-to-end encryption in specific cases where private information about suspects is sought of criminal activity, as reported by ethical hacking experts from the International Institute of Cyber Security. The five country […]
The new Skype 8.0 has been fully redesigned and will replace its predecessor, version 7.0, which will cease to function after September 1, 2018. The new version comes with several great features like HD video calling (with a maximum of 24 people), screen sharing during calls, file sharing up to 300 MB, media gallery, and […]
A team of information security experts released a warning about a group of vulnerabilities that affect users of PGP and S / MIME. EFF kept in communication with the research group and can confirm that the vulnerabilities present an immediate risk for the users of these tools in the communication by email. The details will be published […]
You might rest assured after setting a Master Password in the Firefox web browser, but it’s not as secure as you think. Last year, Mozilla did a major overhaul of their browser in the form of Firefox Quantum. But the non-profit forgot to fix the security holes that exist in their ‘very fast’ web browser […]
FBI (Federal Bureau of Investigation) director blames encryption for thousands of phones the Bureau could not unlock but then he also supports “strong encryption.” FBI director Christopher Wray said during a conference that the Bureau in 2017 failed to open 7,800 mobile devices and view their contents. The reason for this was that those devices were encrypted. […]
In the past, you might have read the in-depth review of NordVPN on Fossbytes. But one needs to consider more than one or two names before choosing a VPN service and investing their money. In this article, I’d like to post a review of the VPN service called ExpressVPN. It stands in third place in […]
Critics have long argued that the government has wide latitude to conduct surveillance under broad approvals from the Foreign Intelligence Surveillance Court. The US government does not need the approval of its secret surveillance court to ask a tech company to build an encryption backdoor. The government made its remarks in July in response to questions posed […]
DUHK (Don’t Use Hard-coded Keys) is a new crypto implementation attack that could enable attackers to obtain secret keys that secure VPN (Virtual Private Network) connections, web browsing sessions and read encrypted communications crossing over VPN connections. The encrypted data could contain sensitive business data, login credentials, credit card information and other private data. The […]
DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions. ANSI X9.31 PRNG is a pseudorandom number generator algorithm design that was incorporated into different structures cryptographic standards and listed as […]
Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors. Cryptomator encrypts file contents and names using AES. Your passphrase is protected against bruteforcing attempts […]
While we were still finding it difficult to forget the Krack attack, a five-year-old bug has resurfaced in a new form to haunt Google and Microsoft. Known as ROCA (Return of Coppersmith’s Attack), the encryption key-related exploit is named after the Coppersmith’s attack. The ROCA hack: Vulnerable RSA Generation (CVE-2017-15361), developed by the researchers at Centre […]
Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said that upon creation of an encrypted container in APFS—Apple’s […]
A team of researchers from Fox-IT and Riscure has put together a device using off-the-shelve electronic parts that deduces encryption keys using only electromagnetic emissions coming from a nearby computer. The device exploits a well-known side-channel attack known as “Van Eck phreaking” and was specifically built to recover the encryption key from AES256 algorithms. Attack […]
Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some configurations wasn’t enforcing encryption allowing an attacker to power […]
A “determined” attacker has breached the email system of the UK Parliament over the weekend, according to a statement put out by the UK government on Sunday afternoon. The attack took place on Saturday and consisted of a brute-force attack that attempted to guess the passwords of email accounts belonging to various members of Parliament […]
The European Parliament has set up a revised list does not require that the encryption of a party to a party when you are comfortable but prohibits the background that provides secure access to law enforcement. So European Government Proposes Ban On Encryption Backdoors. Prime Minister Theresa May and who want to make technology companies like […]
The threat of ransomware attack is growing and here is how to protect yourself from encryption based malware known as ransomware. The Internet is dark and full of terrors! Yes, the virtual world has its fair share of downsides as well. Online threats such as data hacking, virus infestation, malware attacks are common. Ransomware is […]
It’s more than a week since WannaCry ransomware started causing panic among the internet community. However, as time passes, more and more security researchers across the world are coming up with fixes for the WannaCry ransomware. Earlier, it was a researcher who accidentally created a kill switch for the ransomware. Now, another researcher named Adrien Guinet […]