Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together. 2014: Heartbleed and POODLE Heartbleed affects the OpenSSL library’s implementation of a […]
Continue Reading...
Posted in Software Architecture and Design | Comments Off on Attacks on TLS vulnerabilities: Heartbleed and beyond
WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]
Continue Reading...
Posted in Data Breach, Software Architecture and Design | Comments Off on KRACK: Examining the WPA2 protocol flaw and what it means for your business
SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they […]
Continue Reading...
Posted in Software Architecture and Design, Web Application Security | Comments Off on Forging a SHA-1 MAC using a length-extension attack in Python
