Tagged: browser

Hack in Paris 2015 0

Hack in Paris 2015

It was my first time at Hack in Paris, with a single track of talks, but definetely good ones. I'll be highlighting below what struck me the most. You don't hear me but your phones voice interface does (José Lopes Esteves, Chaouki Kas…

Why We Encrypt 0

Why We Encrypt

Encryption protects our data. It protects our data when it’s sitting on our computers and in data centers, and it protects it when it’s being transmitted around the Internet. It protects our conversations, whether video, voice, or text.

Detecting QUANTUMINSERT 0

Detecting QUANTUMINSERT

Fox-IT has a blog post (and has published Snort rules ) on how to detect man-on-the-side Internet attacks like the NSA’s QUANTUMINSERT. From a Wired article : But hidden within another document leaked by Snowden was a slide that provided a few hints about detecting Quantum Insert attacks, which prompted the Fox-IT researchers to test a method that ultimately proved to be successful. They set up a controlled environment and launched a number of Quantum Insert attacks against their own machines to analyze the packets and devise a detection method

TA15-120A: Securing End-to-End Communications 0

TA15-120A: Securing End-to-End Communications

Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack.

VU#534407: Barracuda Web Filter insecurely performs SSL inspection 0

VU#534407: Barracuda Web Filter insecurely performs SSL inspection

Vulnerability Note VU#534407 Barracuda Web Filter insecurely performs SSL inspection Original Release date: 28 Apr 2015 | Last revised: 28 Apr 2015 Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks , the Barracuda Web Filter is a “comprehensive solution for web security and management” with many features, including the ability to provide “visibility into SSL-encrypted traffic”. This SSL inspection feature of the Barracuda Web Filter is vulnerable to multiple issues