Cryptography - Page 11 - Results from #200

Discover Cryptography News

Tests confirm Heartbleed bug can expose server's private key

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

LinuxSecurity.com Team
Apr 14, 2014

Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?

Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys. The challenge was solved by Software Engineer Fedor Indutny and Ilkka Mattila at NCSC-FI roughly 9 hours after the challenge was first published.

LinuxSecurity.com Team
Apr 12, 2014

Schneier on Heartbleed

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

LinuxSecurity.com Team
Apr 10, 2014

The critical, widespread Heartbleed bug and you: How to keep your private info safe

No matter how hard you try to stay safe, some aspects of securing your online data are completely out of your hands. That fact was made painfully obvious on Monday, when the Internet got caught with its collective pants down thanks to a critical vulnerability affecting a fundamental tool for secure online communications.

LinuxSecurity.com Team
Apr 10, 2014

Untraceable 'Heartbleed' Bug Lets Hackers Steal Encrypted Data

Many of the websites you use at home and in the office are vulnerable to hacking, according to researchers who uncovered a security flaw in OpenSSL, the open-source software that is used to encrypt online communications. Websites and apps that encrypt data with a password likely use OpenSSL, and the cryptographic library is used to secure the servers that work with more than 66 percent of active websites on the Internet.

LinuxSecurity.com Team
Apr 09, 2014

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.

LinuxSecurity.com Team
Apr 08, 2014

'Nearly unbreakable' crypto modeled off human body

University researchers claim to have designed a 'nearly unbreakable' cryptography model based on the human respiratory system, which they say could make life tough for criminals and spying governments.

LinuxSecurity.com Team
Apr 07, 2014

Understanding Bitcoin and crypto-currency

Bitcoin and other "crypto-currencies" have been touted by their followers as the money of the future. However, the last 12 months have shown the pluses and minuses of the technology.

LinuxSecurity.com Team
Apr 07, 2014

Report: RSA endowed crypto product with second NSA-influenced code

Security provider RSA endowed its BSAFE cryptography toolkit with a second NSA-influenced random number generator (RNG) that's so weak it makes it easier for eavesdroppers to decrypt protected communications, Reuters reported Monday.

LinuxSecurity.com Team
Apr 03, 2014

Creating Forensic Sketches from DNA

It's already possible to make some inferences about the appearance of crime suspects from their DNA alone, including their racial ancestry and some shades of hair colour. And in 2012, a team led by Manfred Kayser of Erasmus University Medical Center in Rotterdam, the Netherlands, identified five genetic variants with detectable effects on facial shape.

LinuxSecurity.com Team
Mar 31, 2014

Bletchley Park code-breaker Jerry Roberts dies, aged 93

Raymond "Jerry" Roberts - one of the last of a top World War Two code-breaking team at Bletchley Park - has died, aged 93, following a short illness.

LinuxSecurity.com Team
Mar 27, 2014

VIDEO: Bruce Schneier on Incident Response and His Next Book

Few figures in the IT security landscape command the respect and admiration of so many people as does Bruce Schneier. The well-regarded expert recently changed jobs, moving from BT to become the CTO of Co3 Systems in January of this year.

LinuxSecurity.com Team
Mar 14, 2014

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

LinuxSecurity.com Team
Mar 04, 2014

Bitcoin value drops sharply after tech issues continue

Bitcoin's value has dropped sharply after one of the largest trading exchanges said there was a flaw in the virtual currency's underlying software.

LinuxSecurity.com Team
Feb 13, 2014

NSA/GCHQ Accused of Hacking Belgian Cryptographer

There has been a lot of news about Belgian cryptographer Jean-Jacques Quisquater having his computer hacked, and whether the NSA or GCHQ is to blame. There have been a lot of assumptions and hyperbole, mostly related to the GCHQ attack against the Belgian telecom operator Belgacom.

LinuxSecurity.com Team
Feb 10, 2014

U.S. Indicted Me For Not Giving FBI My Source Code

The indicted founder of digital currency Liberty Reserve says the U.S. government began targeting him only after he refused to turn over the source code for his proprietary system to the FBI.

LinuxSecurity.com Team
Jan 31, 2014

Ex-NSA guru builds $4m encrypted email biz - but its nemesis right now is control-C, control-V

A security startup founded by a former NSA bod has launched an encrypted email and privacy service, aimed initially at ordinary folks.

LinuxSecurity.com Team
Jan 24, 2014

Yesterday, the Internet Solved a 20-Year-Old Mystery

Yesterday afternoon, a woman seeking help with a decades-old family mystery posted a thread on Ask Metafilter titled "Decoding cancer-addled ramblings":

LinuxSecurity.com Team
Jan 22, 2014

Target hackers: Anyone know how to break bank encryption?

Underground cybercriminals are attempting to decrypt a 50GB dump of encrypted debit card PINs that security watchers reckon were lifted during last year's high profile breach against retail giant Target.

LinuxSecurity.com Team
Jan 14, 2014

Bruce Schneier Joins Startup Co3 Systems

Bruce Schneier, the famed cryptographer and author who recently left his longtime post at BT, has taken a new position as CTO of Co3 Systems, a startup that provides incident response systems. Schneier, a central figure in the security industry for more than two decades, said he is excited about the new challenge ahead.

LinuxSecurity.com Team
Jan 06, 2014

Linux Cryptography

Abyss Locker Ransomware Targets Linux & Windows Users

Linux Foundation Joins Post-Quantum Cryptography Alliance

New Decryption Key Available for Babuk Tortilla Ransomware Victims