Archive for the ‘man-in-the-middle attack’ Category

Firefox Browser vulnerable to Man-in-the-Middle Attack

September 19th, 2016

A critical vulnerability resides in the fully-patched version of the Mozilla’s Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network.

The Tor Project patched the issue in the browser’s HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5, while

Posted in addons, browser security, Firefox, Firefox plugin, hacking news, man-in-the-middle attack, Mozilla Firefox, mozilla security, tor browser | Comments (0)

Lenovo Tells Users to Uninstall Vulnerable Updater

June 2nd, 2016

An advisory from PC maker Lenovo recommends that users uninstall Lenovo Accelerator Application, which includes components rife with security vulnerabilities.

Posted in bloatware, Duo Labs, Lenovo, Lenovo Accelerator Application, lenovo laptops, Lenovo notebooks, Lenovo updater, Lenovo vulnerabilities, local network access, man-in-the-middle attack, remote code execution, vulnerabilities, Web Security, Windows 10 | Comments (0)

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

April 11th, 2016

Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service.

Digital certificates are the backbone of our secure Internet, which protects sensitive information and communication, as well as authenticate systems and Internet users.

The

Posted in certificate authority, certificate transparency, Certificate Transparency monitoring service, CT logs, Fake SSL Certificate, HTTP, man-in-the-middle attack, SSL encryption, website encryption | Comments (0)

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

January 15th, 2016

A ‘Serious’ security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol.

The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks.

What Causes the Flaw to occur?

Posted in encryption keys, hacking news, hacking server, man-in-the-middle attack, OpenSSH, patch update, server security, steal crypto keys, Vulnerability | Comments (0)

All Drupal Versions Susceptible to Code Execution, Credential Theft Vulnerabilities

January 6th, 2016

A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns.

Posted in Acquia, CSRF vulnerabilities, Drupal, IOActive, man-in-the-middle attack, MitM attack, vulnerabilities, Web Security | Comments (0)

How Hackers Can Hack Your Chip-and-PIN Credit Cards

October 21st, 2015

October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer.

Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit

Posted in Chip-and-PIN, credit card fraud, credit card hacking, EMV chip cards, hack credit card, hacking news, identity theft, man-in-the-middle attack, Point-of-sale system | Comments (0)

Exploiting Browser Cookies to Bypass HTTPS and Steal Private Information

September 25th, 2015

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks.

The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as “Browser Cookies,” allowing…

…remote attackers to bypass secure HTTPS

Posted in cookies stealing, hacking news, https cookies, HTTPS encryption, man-in-the-middle attack, Web Cookies | Comments (0)

Lenovo Patches Vulnerabilities in System Update Service

May 6th, 2015

IOActive researchers disclosed details on three patched vulnerabilities in Lenovo’s System Update mechanism.

Posted in certificate validation, Featured, IOActive, Lenovo, man-in-the-middle attack, Michael Milvich, phony certificates, privilege escalation, Rob Graham, Sofiane Talmat, Superfish, System Update vulnerabilities, vulnerabilities, Web Security | Comments (0)